ALLIANCE BANK MALAYSIA BERHAD RISK MANAGEMENT REPORT (for the financial year ended 31 March 2009)

Transcription

1 ALLIANCE BANK MALAYSIA BERHAD RISK MANAGEMENT REPORT (for the financial year ended 31 March 2009) INTRODUCTION As Alliance Financial Group Berhad (AFGB) is principally an investment holding company, the risk management function of the day to day operations of the Group is carried out by its wholly owned and main operating subsidiary, Alliance Bank Malaysia Berhad (ABMB or the Bank). The Group Risk Management Committee (GRMC) has been established at the ABMB Group level for risk oversight within the Group. At AFGB, the Board carries out high level risk management of its investment in all operating subsidiaries as well as the capitalisation needs of the AFGB Group. OVERVIEW The Group has established an integrated risk management framework (IRMF) which incorporates risk management and compliance frameworks. The IRMF ensures our practices are consistent with industry best practices and that we are well placed to deal with challenges arising from the global financial turmoil. Under the IRMF, we have a structured risk governance framework which strongly incorporates Board and Senior Management oversight. RISK MANAGEMENT INFRASTRUCTURE The Group s IRMF infrastructure outlines the fundamental principles upon which accountability and responsibility for effective risk management are based. These principles stipulate that: the GRMC is responsible for risk oversight which includes approving and periodically reviewing risk management policies, risk exposures and limits whilst ensuring the necessary infrastructure and resources are in place; specialised risk committees, namely the Group Credit Risk Management Committee (GCRMC), Group Operational Risk Management Committee (GORMC) and Group Assets and Liabilities Management Committee (GALCO) assist the GRMC in managing credit risk, operational risk as well as market and liquidity risk respectively. These specialised committees are responsible for the development and implementation of risk policies as well as the assessment of the effectiveness of policies; business units form the first line of defence against risk, by managing the risk versus reward trade-off within the scope of risk tolerance and policies that the Group has laid down. Page 1 of 13

2 Business risk units are responsible for monitoring business activities and ensuring that they are carried out within the approved product programme parameters and business models; Group Risk Management forms the second line of defence. Group Risk Management is responsible for assisting the Group in formulating the risk management framework and policies; developing tools and methodologies for the identification, measurement, monitoring and valuation of risk; and recommending risk mitigation measures; Group Risk Management also assists the GRMC and the Board in performing independent monitoring and reporting to ensure that the approved risk policies, directives and limits are implemented and complied with; Group Internal Audit forms the third line of defence by providing an independent assessment of risk management processes and infrastructure as well as the adequacy and effectiveness of risk policies and internal controls. The Group s risk governance framework encompassing the three lines of defence concept is depicted below: Page 2 of 13

3 Index Table GAC BOD CORM GRMC GORMC GCRMC GALCO GPMC Group Audit Committee Board of Directors Compliance and Operational Risk Management Group Risk Management Committee Group Operational Risk Management Committee Group Credit Risk Management Committee Group Assets and Liabilities Management Committee Group Product Management Committee STRESS TESTING The Group carries out stress testing to estimate the potential impact of extreme events on the Group s earnings, balance sheet and capital. These stress tests also aim to gauge our sensitivity and vulnerability to a sector, customer or product segment. The Group has a stress testing framework which is applied to identify: potential vulnerable risk areas of the Bank s portfolio to stress events. It examines an alternative future that could cause problems to the Bank s portfolio, thus enabling the Bank to assess the potential worst case scenarios and prepare for them; and possible events or future changes in financial and economic conditions that could have unfavourable effects on the Banks ability to withstand such changes (particularly in relation to the Bank s capital and earnings capacity to absorb potentially significant losses), thus enabling the Bank to take steps to manage these risks and conserve capital. The Stress Test Working Group has a team comprising Group Risk, Business Risk, Group Finance and the Lines of Business. The stress test parameters are formulated internally, taking into account the economic scenario, plus current and forecasted key indicators over a rolling one year period. The scenario and parameters are presented to the Stress Test Working Group and to the GRMC for deliberation before being rolled out to the respective business units to run portfolio and segmental stress tests. In collaboration with Group Finance, the results are then centrally consolidated by the Lines of Business at the banking entity and banking group levels, analysed and reported to the Stress Page 3 of 13

4 Test Working Group, GRMC/the Board and to the central bank. These results are not reviewed in isolation. Where it is appropriate, proactive action is taken to realign our product programmes, lending guidelines and contingency plans with the stress test results. RISK CULTURE An organisation s risk culture, the soft side of its risk management activities, is often taken for granted, even though it is a critical dimension for building an effective risk management architecture. At a basic level, an organisation s risk culture relates to the underlying awareness that management and everyone else in the organisation have in relation to risk and risk-taking matters. The risk culture sets the tone of an organisation and this should be clearly embedded into everyone in the organisation as they conduct their daily activities and pursue their objectives. A strong risk culture provides an essential foundation upon which an organisation can build a risk management architecture to manage risks and opportunities in a rapidly changing environment. KEY ATTRIBUTES OF AN EFFECTIVE RISK CULTURE 1 Leadership & strategy Demonstrate ethics & values Shared ethical practices Tone at the top Communicate mission & objectives Top-down alignment of strategy Policies and guidelines 2 Accountability & Reinforcement 3 People & Communication 4 Assign individual accountability Assignment of ownership Demonstrated accountability Measure and reward performance Incentive & discipline Performance indicators Monitoring Risk Management & Infrastructure Promote competence Competence and resources Training Share information and knowledge Information quality Top-down communication Communication across processes Assess & measure risk Risk assessment practices Risk tools and processes Establish process and controls Process reliability and efficiency Control effectiveness and efficiency System access and security Page 4 of 13

5 The Group Risk Management contains three central risk functions, namely Credit Risk Management, Market Risk Management and Operational Risk Management. The roles and responsibilities of each department are outlined below. CREDIT RISK MANAGEMENT The Group s Credit Risk Management focuses on managing the risk of financial loss as a result of a customer or counterparty s failure to discharge their contractual obligations. For this purpose, we have established a common platform for the centralisation of core credit policies to ensure that the overall risk philosophy, risk strategies, risk appetite and tolerance limits, and control measures are consistently applied across the Group. The Group Credit Risk Policies Framework is implemented to ensure effective governance and control over the risk management processes. The framework clearly defines the roles and responsibilities with regards to policy development, review, approval and revision of the Group s core risk policies. It also sets the infrastructure for the different levels and types of risk policies for consistency and harmonisation. The role of Group Credit Risk Management is further differentiated between Group Credit Risk and the business risk units, in that the Group Credit Risk handles risk controls on broad policies, sets risk standards, risk appetite and tolerance limits for the Group. The business risk units, on the other hand, assume the ownership as well as management of the risks inherent in their respective business activities, which they must understand and control, guided by the policies and standards set by Group Credit Risk. Specific product programmes and credit programmes have been developed to manage various products and class of lending. Exposure limits, macro-economic condition triggers and asset quality tripwires are among the parameters set within each product or credit programme. Additionally, we ensure that there is a clear segregation of duties between loan originators, evaluators and approvers in the Risk Management function. Page 5 of 13

6 MARKET RISK MANAGEMENT The Group s Market Risk Management department essentially focuses on managing market risk, which comprises Price Risk and Liquidity Risk. Price Risk is the risk of loss of earnings arising from changes in interest rates, foreign exchange rates, equity prices, commodity prices and in their implied volatilities. Liquidity Risk takes two forms: funding liquidity risk and market liquidity risk. Funding liquidity risk could arise if the Group or Bank is unable to meet our financial commitments when due. Market liquidity risk arises if the Group/Bank is unable to unwind or offset its position in the market within a short span of time, at or near the previous market price, because of inadequate market depth or disruptions to the marketplace. Within the Group, market risk in the Banking Book is supervised primarily by the GALCO and executed through Financial Markets. Market risk in the Trading Book is managed primarily by Financial Markets based on policies and limits approved by the GRMC or Board. ABMB s current market risk exposures in the Trading Book are relatively small, typically with less than Page 6 of 13

7 1% impact on the Bank s Core Capital Ratio and Risk-Weighted Capital Ratio (RWCR), on a month-to-month basis. The bulk of the Group s treasury positions comprise short term money market instruments and longer-term capital market instruments, including Malaysian Government Securities; followed by foreign exchange contracts, which are primarily entered into to meet the needs of our commercial and corporate customers. While the Group offers share financing, stock broking and unit trust management services to our retail customers, the treasury arm did not undertake proprietary trading of equities and commodities in financial year ended 31 March Group Market Risk Management undertakes the following support roles: formulates and enhances the Group s market risk management framework and policies as well as the asset-liability management framework and policies in accordance with the Group s business direction and revised regulatory requirements; carries out independent monitoring of treasury activities on a daily basis, in accordance with approved policies and limits. This includes reporting of any limit excesses or breaches; provides independent marked-to-market valuation of treasury positions and risk exposures, using data obtained from various sources, such as independent market price/information providers; reviews New Product Approval Papers (in conjunction with other risk management units), to assess the market and liquidity risks prior to launching new products; and provides integrated risk management support activities in conjunction with other Risk Management functions and participates with other departments on joint assignments and projects involving market risk, liquidity risk and asset-liability management and stress testing exercises. The following are among the many projects and initiatives related to market and liquidity risk management: Treasury System We have implemented a Group wide treasury system to enable the Group to effectively manage the risk exposures for existing and new treasury products. The treasury system encompasses the front, middle and back offices, with functional capabilities covering deal Page 7 of 13

8 capture and processing, limits monitoring, risk management (including Value-at-Risk functionality), accounting and management reporting; plus interfaces to the settlement systems. Under Phase 1 of this project, the Group has successfully set up the system to handle conventional and Islamic banking treasury instruments, covering traditional forex and money market instruments, interest rate swaps and dual currency investments. For the next phase of the project, we plan to cover other forex and interest rate structured products. Asset-Liability Management & Funds Transfer System Under the Funds Transfer Pricing (FTP) Module, the Group has also set up the functionality to perform matched-term FTP to measure the relative performance of deposit-taking and loangeneration units. Through the FTP process, the interest rate risks in the Banking Book will be managed by the GALCO via Financial Markets, thus allowing the other business units to concentrate on managing their portfolio credit risk exposures. Under the Assets & Liabilities Management (ALM) Module, the Bank has set up the functionality to govern our static liquidity and interest rate risk exposures. The next phase of this project is intended to cover dynamic simulations and projections. Page 8 of 13

9 OPERATIONAL RISK MANAGEMENT Operational risks arise from inadequate or failed internal processes, people and systems or from external events. These risks are managed by the Group through the following key measures: sound risk management practices in accordance with Basel II and regulatory guidelines; Board and senior management oversight; well-defined responsibilities for all staff concerned; established standards in risk identification, controls and monitoring; and fostering a better risk awareness culture. Having revised our Operational Risk Management Framework which forms the bedrock for operational risk governance, we are now embedding the discipline of operational risk management within our operations. The Group has strengthened its infrastructure and applied several techniques for the administration of operational risks together with the use of rating matrixes. These tools are system-driven and have been constantly used to aid in self Page 9 of 13

10 assessment, control and monitoring. Moreover, incidents of loss events are tracked and captured for analytical risk profiling and to further enhance our controls. Escalation and reporting processes are well instituted through various management committees notably the Group Operational Risk Management Committee and GRMC as well as the Board. The responsibilities of the committees and the Board include the following: oversight and implementation of the Operational Risk Management Framework; establishment of risk appetite and the provision of strategic and specific directions; regular review of operational risks reports and profiles; addressing operational risk issues; and ensuring compliance with regulatory and internal requirements including disclosures. To inculcate a stronger risk culture throughout our organisation, The Group ensures staff training in this area is constant and ongoing. This training includes the all important element of business continuity planning while business continuity and disaster recovery procedures are regularly conducted. As part of our initiative to ensure that new products are duly managed, we revised our guidelines during the year in compliance with regulatory changes. Internal audit plays its part in ensuring an independent assurance of the implementation of the framework through their conduct of regular reviews and reports to the Board. The illustration below summarises the foundation of the Group s management of operational risks. Page 10 of 13

11 BUSINESS RISK TEAMS In the Group, besides Group Risk as outlined above, the Group has dedicated Business Risk Teams who are embedded within the Consumer Banking, Commercial Banking, Corporate Banking and Investment Banking businesses. The teams have contributed to building the bestin-class risk infrastructure and analytics for managing risk in the businesses. These Business Risks Teams form an integral part of the Business Model with direct and independent reporting lines to Group Chief Credit Officer. They provide core credit functions such as credit underwriting, policy setting, credit documentation and administration, portfolio management, credit analytics and loan monitoring and recovery. They also identify changes in Key Risk Indicators and other risk concentrations and mitigate critical risk concerns. With these Business Risk Teams in place, the Group has benefited in terms of improved turnaround time, better credit quality and more effective monitoring of Key Risk Indicators through risk dashboard monitoring/reporting and credit analytics. BASEL II ACCORD The Group monitors its capital adequacy position closely to ensure compliance with Bank Negara Malaysia s (BNM) requirements and international best practices. In this regard, we are guided by the Basel II Accord which provides guidance on the amount of regulatory capital that Page 11 of 13

12 banks need to put aside in proportion to their risk profile arising from a bank s lending, investment and trading activities. We are committed towards adhering to such international standards that are established to protect shareholders and customers against the risk of bank failure. The Group adheres to the Basel II s rigorous risk and capital management requirements and continually strives to ensure the efficient use of capital. The Group is fully committed to progressively building up its capabilities to align with the advanced approaches Basel II takes in relation to credit risk, market risk and operational risk. In this regard, we have allocated the necessary budget and resources to undertake the relevant tasks. We have established a Group Project Management Office to coordinate the overall implementation of the various Basel II initiatives. Thus far, the Group has successfully rolled out the Basel II Solution which comprises the Basel II Capital Adequacy Calculator and the Collateral Management module of the Collateral Management & Limit Monitoring System, which is crucial for the implementation of BNM s Standardised Approach for banks in Malaysia (effective 1 January 2008). Key Basel II projects: Basel II Solution This project focuses on regulatory compliance and lays the foundation to go beyond Basel II, through risk-based pricing, economic profit, and risk-adjusted return on capital (RAROC). Operational Risk Management (ORM) Solution A comprehensive Group-wide integrated ORM Solution with Loss Data Capture, Risk Control & Self Assessment and Key Risk Indicators Modules, which will help to provide a foundation in line with best-in-class risk governance. Collateral Management Module Phase 1 addresses the operational and monitoring requirements of the Basel II Accord and BNM s guidelines in order for the collateral to be eligible for credit risk mitigation. Phase 2 covers the Limit Management Module and is intended to enable the Bank to better manage its credit risk concentrations. Page 12 of 13

13 The following table highlights the elements of the Basel II approaches adopted as at 31 March 2009: Credit Risk Market Risk Operational Risk Standardised Approach Standardised Approach Basic Indicator Approach Page 13 of 13