Start
:
About Us
:
Risk Management
Risk Management
Risk Management
AS Expobank hereby discloses information about risk and capital management under the provisions of Paragraph one of Section 363 of the „Law on Credit Institutions” of the Republic of Latvia and the Financial and Capital Market Commission Regulations „On Information Disclosure and Institution Transparency” arising out of the Directive 2006/48/EC of the European Parliament and of the Council relating to the taking up and pursuit of the business of credit institutions (recast) and of the Directive 2006/49/EC of the European Parliament and of the Council on the capital adequacy of investment firms and credit institutions.
AS Expobank’s (hereinafter – the Bank) strategic goal for risk management is to achieve an adequate balance between risks assumed by the Bank and profit and to minimize the potential adverse effect of risks on the Bank’s financial performance and operation.
The Bank applies the requirements of FCMC regulations concerning risk management and ensures that risk control and compliance control functions are exercised independently from business and internal control units, including enabling direct contact between these functions and the Bank’s Council and Board of Directors. Risk management is based on systemic approach and is integrated into the Bank’s internal control system. Risk management process in the Bank is carried out in the aggregate, i.e., the Bank consolidates its operations and carries out risk management including branches.
Risk control function is organized into a separate structural unit – the Risk Department, which focuses on setting up and maintaining a risk management system consistent with the Bank’s operation and regulatory requirements, as well as on planning, revising and improving this system in line with changes in the Bank’s operation and external factors impacting it.
The Bank has established a structural unit for compliance risk management, including its identification, assessment and control, whereas certain common functions of compliance control function are delegated to other structural units.
To manage, control and regulate inherent risks the Bank applies the following basic principles:
· Comprehensive management – the Bank implements risk management as a systematic set of measures, and supports risk identification and management at the level of risk inherent in individual risk transactions, set of transactions exposed to risk, and the Bank’s operations in general
· Prudence –the Bank acts with discretion, only accepts risks in known spheres of business, does not accept unreasonable risks in any of such spheres, places limitations on or refuses to introduce services associated with heightened risks;
· Adequate risk management environment –the Bank creates an internal environment and management culture, which stresses high standards of ethical conduct at all levels of the Bank’s organizational structure thereby facilitating effective internal control;
· Integrity – risk management systems are integrated into the Bank’s internal control system;
· Obligation – the Bank ensures that risk management requirements are binding on all structural units and employees. The Bank does not introduce new products, services, processes or systems until identified inherent significant risks have been addressed by the Bank’s risk management system and permissible exposure levels have been defined;
· Continuity – the Bank views risk management as an ongoing continuous process: risk identification, analysis, decision making, implementation and control are performed on ongoing basis as part of the Bank’s development process;
· Function separation – within the risk management process risk measurement, analysis and control functions are separated from the functions of business units (risk acceptance functions);
· Consistency – the Bank defines permissible exposure levels and implements adequate risk management according to its business and corporate strategy;
· Holistic approach – the Bank performs risk analysis in its entirety at the level of relevant committees and the Risk Department, thereby enabling holistic assessment of interaction of risks and the Bank’s total risk exposure;
· Individuality – the Bank manages inherent significant risks for all types of activity at the level where such risks occur in the structural unit, which is chiefly responsible for deals and actions exposed to the respective type of risk;
· Regularity – the Bank specifies the periodicity of risk identification, measurement, assessment, stress-testing, control and reporting;
· Transparency – the Bank discloses risk management information on its website;
· Discipline –the Bank exercises constant control over compliance with regulatory requirements applicable to risk management, including limits, restrictions and powers.
The Bank identifies all inherent significant risks, also prior to introduction of new products and services, and develops policies for risk management in compliance with laws and regulations, standards of self-governing institutions pertaining to banking, codes of professional conduct and ethics and other best practice banking standards. Under these policies the Bank documents and implements procedures for risk measurement, assessment, mitigation, control, risk reporting and disclosures. Policies are revised at least once a year based on changes in the Bank’s operation and external factors impacting it.
In its risk management process the Bank applies prudent risk management methods consistent with the Bank’s business activity types and their specific character achieving efficient minimization of total risk.
Risk control is implemented as a set of systemic measures with adequate risk control procedures, including restrictions and limits on maximum permissible exposure levels, exposure limitation methods, and control procedures to mitigate risks that cannot be defined in quantitative terms.
The Bank’s Council, Board of Directors and heads of relevant structural units regularly receive reports about inherent risks to be able to timely and continuously assess the risks that can impair the Bank’s ability to achieve its goals.
The Bank’s Council supervises risk management in the Bank and assesses its efficiency at least once a year, approves general corporate and risk management strategy, reviews and approves risk management policies and supervises the performance of the Board of Directors in the implementation of such policies.
The Board of Directors ensures ongoing identification and management of the Bank’s risk exposure under risk management policies approved by the Council, as well as the development and approval of internal regulations establishing adequate risk measurement, assessment, control and reporting procedures, division of authority and responsibility between structural units, and procedure for risk management reporting and disclosures.
The Bank has identified the following inherent significant risks that require risk management and control: credit risk, concentration risk, liquidity risk, interest rate risk, foreign exchange risk, country risk, operational risk (including legal risk), IT risk, compliance risk, money laundering and terrorist financing risk, reputation risk and strategy and business risk.
Information about credit risk, concentration risk, liquidity risk, foreign exchange risk, interest rate risk and operational risk management, capital adequacy and internal capital assessment is available from the Bank’s Annual Report for the Year Ended 31 December 2011 that is available also on the Bank’s website at:
The said information on previous reporting periods is available also on the Bank’s website at:
Compliance Risk
Compliance risk is a risk that the Bank may suffer losses, penalty or injury to goodwill, or its future business may be put at threat if the Bank fails to comply with laws and regulations, standards of self-governing institutions pertaining to banking, codes of professional conduct and ethics and other best practice banking standards (hereinafter – compliance laws, regulations and standards).
The Bank has set a goal – to create an efficient compliance risk management system to prevent losses, imposition of legal duties or penalties and injury to goodwill. In this respect the Bank acts on an action plan, which specifies compliance risk management measures for a reporting period, and controls the implementation of internal regulations governing compliance risk management.
The Bank takes preventive actions to fully and timely identify, document and assess inherent compliance risks in their early phase by developing adequate internal regulations prior to introduction of new products and services.
Fundamental principles of compliance risk management are established in the Compliance Risk Management Policy. Apart from that, the Bank has developed internal regulations necessary for the implementation of compliance risk management.
The Bank has appointed an employee who is responsible for compliance risk management in general and exercises independent control over compliance risk management, while employees of the Bank’s structural units are responsible for observing compliance laws, regulations and standards in performing their job duties.
The Bank assesses compliance risk for all spheres and types of the Bank’s activity by means of expert/self-assessment method.
The Bank organizes staff training in compliance risk and associated problems, consults and provides support to staff regarding regulatory requirements governing compliance issues, the Bank’s internal regulations, their development, improvement, unified and efficient application and implementation.
Money Laundering and Terrorist Financing Risk
It is one of the strategic goals of the Bank to preserve the Bank’s goodwill and stability in the Bank’s relationship with customers, business partners and the public in general, to cooperate with and provide financial services to trustworthy customers and business partners, whose business and activities are understood by the Bank in order to prevent the Bank as much as possible from becoming involved in money laundering and terrorist financing and to prevent losses that can arise in case of rapid loss of confidence among bona fide customers and business partners.
Compliance risk on the level of prevention of money laundering is a risk that the Bank’s compliance with laws and regulations governing prevention of money laundering and terrorist financing is insufficient or that the Bank may become involved in money laundering and/or terrorist financing through its customers or business partners.
To minimize money laundering and terrorist financing risk the Bank has created an internal AML system, which includes actions and measures directed towards enforcement of the requirements of the Law On the Prevention of Laundering of Proceeds Derived from Criminal Activity, including risk assessment, control and mitigation measures, having allocated adequate resources for the purpose.
The Bank’s internal control system comprises the following basic elements and measures:
· entering into and discontinuing a business relationship with a customer;
· customer identification;
· assessment of a customer’s money laundering or terrorist financing risk;
· identification and early analysis of customer’s beneficial owner;
· monitoring and in-depth analysis of customer’s deals;
· discovering and reporting unusual and suspicious transactions to the Office for Prevention of Laundering of Proceeds Derived from Criminal Activity;
· refraining from suspicious transactions;
· filing data and documents received during customer identification, analysis and transaction monitoring, results of analyses and reports;
· staff training.
As part of cooperation with customers the Bank applies a risk assessment-based customer analysis method to possibly shut out cooperation with persons involved in money laundering and terrorist financing.
The Bank does not enter into a business relationship with a customer until identification of that customer and beneficial owner has been performed in compliance with applicable laws and regulations and the Bank’s internal regulations. The Bank does not open anonymous accounts.
Country Risk
Country risk is a risk of losses that may occur if a non-resident business partner of the Bank is unable to fulfil contractual obligations to the Bank due to political, social or economic conditions of the country of residence of that business partner.
The Bank’s country risk management strategy is to achieve a sound balance between country risk and projected returns and ensure maximum protection of the Bank from losses that can result from country risk impact. The Bank’s internal regulations specify a procedure for country risk assessment, which makes use of ratings by external credit rating institutions – international rating agencies and other information about economic and political conditions of countries, thereby identifying countries and regions whose risk is regarded as significant. The Bank sets country risk limits for efficient management and mitigation of country risk. The Bank monitors country risk levels on ongoing basis assessing country risk both before effecting a new transaction and throughout the business relationship.
IT Risk
Information technology risk is the Bank’s exposure to losses or failure to receive profits in case of unsatisfactory information technology or inadequate, insufficient information processing and lack of security of information resources and systems, including confidentiality, integrity and availability.
The Bank performs IT risk analysis from time to time to identify and classify risks and principal risk factors (threats) that can impact the availability, integrity and confidentiality of the Bank’s information resources.
Based on the results of risk analysis the Bank develops a plan of measures for prevention or reduction of risks to a permissible level.
When choosing measures for risk reduction the Bank applies the principle of commensurability of costs of information resources security.
The Bank analyzes IS performance by modelling maximum system loads. Business continuity planning uses scenario-based methods. Business continuity plan details measures to be taken to restore the Bank’s functions should a risk event occur. The plan is reviewed and updated on regular basis.
IT risk control is implemented as a set of systemic measures, which includes the following risk control procedures:
· restoring business processes;
· developing and acquiring information systems;
· maintenance (change and control) procedures;
· physical and logical access security control.
Legal Risk
Legal risk is the Bank’s exposure to losses or failure to receive profits as a result of inappropriate, incomplete or inaccurate legal documentation related to the Bank’s transactions, which does not provide or fails to sufficiently provide for division of responsibility between the Bank and its customers or business partners and dispute resolution procedures, as well as when deals are not executed in accordance with signed agreements.
The Bank recognizes legal risk as part of operational risk. Legal risk management and control methods, division of duties and responsibilities are similar to those established for operational risk management. To reduce the probability of legal risk event occurrence the Bank develops internal regulations and model agreements.
Reputation Risk
Reputation risk relates to a potential negative public opinion of the Bank’s situation which may result in loss of the Bank’s existing customers and the ability of the Bank to acquire new customers.
Reputation risk management involves creation and maintenance (protection) of good repute both under normal operating conditions, and in an emergency situation.
The Bank performs monitoring of the reputation risk with the aim to mitigate the Bank’s reputational risk in general and to prevent possible losses; this monitoring includes:
· analysis of reputation risk and probability of occurrence thereof;
· control of information in mass media;
· reception, collection and provision to mass media and business partners of information regarding the Bank’s operations and the activities to be carried out.
To maintain good reputation under normal operating conditions, the Bank determines at least permanent improvements of scope of operations, business processes, products and services, including procedures and periodicity of revision of internal regulations. The procedures define basic principles for cooperation of the Bank with its customers, business partners and other stakeholders, and the Bank’s concept of public relations (including advertising).
The Bank has developed a code of ethics governing the professional conduct and ethical principles, norms and standards, thus ensuring that the members of the Bank’s Council and the Board of Directors, managers of structural units and other employees carry out their duties with utmost honesty, are objective in performance of their professional duties and decision-making, comply with compliance laws, rules and standards, respect commercial secret and confidentiality regulations regarding in formation on transactions and customers’ personal information, and their actions and behaviour are consistent with high ethical standards; this code defines also core values of the Bank’s corporate identity and ensures early identification and management of a potential conflict of interest situation.
Strategy and Business Risk
Strategy risk is the risk of suffering losses arisen from an error in decision establishing the Bank’s strategic activities and development.
To ensure strategy and business risk management, the Bank has established a strategic planning system, within which the Bank at least analyzes, evaluates and documents various scenarios of possible development of the Bank, depending on different scenarios of external conditions, identifies potential events and potential changes in market conditions, which may have a negative impact on the Bank’s operations and which may hinder achievement of the Bank’s objectives, as well as assesses impact of such events or changes in the market conditions on the Bank’s operations.
The Bank mitigates the strategy and business risk by constantly monitoring the compliance of the Bank’s current indicators with the adopted plans of the Bank and making appropriate adjustments if necessary.
Remuneration Policy
The Bank’s remuneration policy is established in its Personnel Management Policy. The remuneration system of the Bank’s personnel is designed basing on establishment of a competitive monthly position salary (the fixed component of remuneration) for each employee according to the education, practical skills, level of responsibility required for the particular position, and contribution of the particular employee to performance of tasks of the relevant structural unit. The Bank’s remuneration system is organized following the principle that the employee’s salary is neither dependent on achievement of short-term goals, nor from the possibilities of the relevant position to increase the profit of the Bank, in order to discourage such risk-taking, which is above the risk-taking level established. The Bank refrains from regular and planned bonus payments and similar financial incentive funds, grants or other material benefits, providing for the inclusion of all financial benefits to be provided to an employee in the position salary of the employee, i.e., the Bank does not establish any variable part of a salary of its employees. The Bank does not have any group of positions affecting the Bank’s risk profile other than members of the Board of Directors. According to the procedure approved by the Council, in 2010, the total amount of the fixed part of the annual salary of four members of the Board of Directors approved by the Council before payment of the taxes and duties imposed according to the laws of the Republic of Latvia was LVL 333 067 , an the total amount of the variable part of the annual salary before payment of the taxes and duties imposed according to the laws of the Republic of Latvia was LVL 72 472. The variable part of the remuneration does not include any structural elements other than money. In 2010, no one member of the Board of Directors was discharged and no severance payment was made. The Council of the Bank has not yet approved the procedure of calculation of the variable part of the remuneration of the members of the Board of Directors for 2011.
Quantitative information about risk indicators, as well as capital adequacy and internal capital adequacy is also given on the Bank’s website:
http://www.expobank.eu/eng/left/about-us/financial-statements
