Key risks impacting the Bank’s business

Since the first quarter of calendar year 2020, the Covid-19 pandemic has impacted several countries, including India. This resulted in countries announcing lockdowns and quarantine measures that sharply stalled economic activity. The Government of India initiated a nation-wide lockdown from March 25, 2020 for three weeks which was extended to May 31, 2020 in three phases. Several countries took unprecedented fiscal and monetary actions to help alleviate the impact of the crisis. The Reserve Bank of India (RBI) has announced several measures to ease stress in the financial system, including enhancing system liquidity, moratorium on loan repayments for borrowers, asset classification standstill benefit to overdue accounts where a moratorium has been granted and relaxation in liquidity coverage requirement, among others.

The Indian economy would be impacted by this pandemic with contraction in industrial and services output across small and large businesses. The banking system is expected to be impacted by lower lending opportunities and revenues in the short to medium term and an increase in credit costs. The impact of the Covid-19 pandemic on Bank’s results remains uncertain and dependent on the spread of Covid-19, further steps taken by the government and the central bank to mitigate the economic impact, steps taken by the Bank and the time it takes for economic activities to resume at normal levels. The Bank’s capital and liquidity position are strong and would continue to be the focus area.

Crisis and catastrophe related risks

RISKS

Crises in the nature of economic events, financial risks, geo-political tensions, natural calamities, climate change and health epidemics could affect the Indian economy or the economies of countries where the Bank operates. The global financial crisis in 2008 and the global outbreak of the Covid-19 pandemic are events that have significantly impacted the Indian economy and businesses and have created new challenges for banks. These crises could also lead to subsequent changes in laws, regulations and policies, which could affect the Bank's business in general, its operations, its products and services and could reduce profitability.

MITIGANTS

The Bank focusses on building capabilities on an ongoing basis to respond to such events, including natural calamities and epidemics. The response could be through various channels including strengthening the financial position of the Bank by maintaining a strong balance sheet and ensuring adequate buffers in capital and liquidity, continuously enhancing risk management practices in credit and operations, business continuity planning, skilling employees, and building or creating alternate infrastructure facilities and other such responses.

Macroeconomic uncertainties

RISKS

Developments in the Indian economy could have a material impact on growth and value creation in the Bank’s business. The Bank’s presence in international markets also exposes it to risks from global developments. Uncertainties exist due to India’s high dependence on global crude oil, capital requirements, evolving policies and sustainable job creation. These risks are heightened in view of the Covid-19 pandemic.

MITIGANTS

The Bank closely monitors developments in the global and Indian economy. It has a dedicated team for monitoring and evaluating the impact of macroeconomic trends. The Bank has an established Country Risk Management Policy which addresses the identification, measurement, monitoring and reporting of country risk. The Bank’s risk team continuously monitors all sectors as well as corporates within the sectors and country risks.

Credit

RISKS

The Bank’s core business is lending which exposes it to various types of credit risks, especially failure in repayments and increase in non-performing loans. The Bank’s loan portfolio includes retail loans and corporate loans which are vulnerable to economic risks. These risks are heightened in view of the Covid-19 pandemic. Banks in India are subject to directed lending requirements that may create additional risks. Further, legal and regulatory changes and increasingly stringent requirements regarding non-performing loans and provisioning for such loans could also be a risk.

MITIGANTS

The credit-related aspects in the Bank are primarily governed by the Credit and Recovery Policy approved by the Board of Directors. The Bank measures, monitors and manages credit risks at an individual borrower level and at the portfolio level. In the last few years, the Bank has refined and strengthened its framework for managing concentration risk, including limits and thresholds with respect to single borrower and group exposure. Limits have been set up for borrower group based on turnover and track record and on lower rated borrowers. Further, the Bank has pursued a strategy of building a granular and diversified portfolio and lending to better rated corporates. The Bank's efforts are also being strengthened through institutional mechanisms like the Insolvency and Bankruptcy Code and Credit Bureaus.

Market and liquidity

RISKS

Movement in interest rates, foreign exchange rates, credit spreads and equity prices could impact the Bank’s net interest margin, the value of the trading portfolio, income from treasury operations and the quality of the loan portfolio. These risks are heightened in view of the Covid-19 pandemic. Banks in India are subject to statutory liquidity ratio requirement, capital and liquidity requirements that structurally exposes them to interest rate risks and liquidity risks. Further, deposits are an important source of funding which are primarily short-term in nature and banks face the risk of asset-liability mismatches if not rolled over by depositors.

MITIGANTS

The Investment Policy, Asset Liability Management Policy and Derivatives Policy, approved by the Board of Directors, govern the treasury activities and the associated risks and contain the limits structure. The Asset Liability Management Committee which includes the MD & CEO, wholetime directors and senior executives periodically reviews the Bank’s business profile and its impact on asset liability management. The Market Risk Management Group monitors key parameters on a periodic basis and recommends changes in policies, processes and methodologies. Building a strong liability franchise is a core strategic focus for the Bank.

OPERATIONAL

RISKS

There is a risk of loss resulting from inadequate or failed internal processes, people or systems or from external events. This could include fraud or other misconduct by employees or outsiders, unauthorised transactions by employees and third parties, mis-reporting or nonreporting with respect to statutory, legal or regulatory reporting and disclosure obligations, operational errors including clerical and record-keeping, and system failures.

MITIGANTS

The Bank has put in place a comprehensive system of internal controls, systems and procedures to monitor transactions, key back-up procedures and to undertake regular contingency planning. The governance and framework for managing operational risks is defined in the Operational Risk Management Policy approved by the Board of Directors.

Technology

RISKS

Rapid technological developments and the increasing dependence on technology, combined with the continuous digitisation of banking activities have exposed banks to a host of new risks like obsolescence of IT systems, IT resiliency and business continuity, technology vendor and third party risks, incorrect or inadequate data backups, inadequate change management practices, ineffective identity and access management leading to unauthorised access to IT systems, budget overruns in IT projects, regulatory non-compliance and other relevant matters. Misalignment between business and IT strategies is also a formidable risk.

MITIGANTS

The Bank’s Information Technology Strategy Committee, which is a Board level Committee, ensures that the information technology strategy is aligned with the business strategy. The Committee meets periodically to review ongoing IT projects and their schedules, major IT incidents, technology risk indicators and status of regulatory compliance. The Bank has established policies and control frameworks on change management, logical access management, IT outsourcing and Data Centre processes to ensure that the risks are identified and appropriate mitigating controls are put in place. In addition, independent assessments of IT processes are carried out by the Internal Audit Group periodically to provide assurance on the effectiveness and efficiency of IT systems and processes.

Cyber risk

RISKS

Increasing reliance on technology and digitisation increases the risks of cyber attacks including computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, unauthorised data access, attacks on personal emails of employees, application vulnerability and other security breaches. This could negatively impact the confidentiality, integrity or availability of data pertaining to the Bank and its customers. Given the nature of the new digital economy, the Bank also has business and operational relationships with third parties and these could also be sources of information security risk.

MITIGANTS

The Board level Information Technology (IT) Strategy Committee oversees cyber security related threat landscape and the Bank’s preparedness to address these threats from a prevention, detection and response perspective. The Bank’s Chief Information Security Officer (CISO) is responsible for tracking the risks. Confidentiality, integrity, and availability (CIA) form part of a comprehensive information security framework that the Bank has put in place. The Bank also lays emphasis on customer security and has invested in the areas of phishing protection, adaptive authentication, awareness initiatives and has also taken industry - leading initiatives in providing customers easy and immediate ability to configure their risks and limits.

Compliance

RISKS

The environment for financial institutions is witnessing unprecedented changes in laws, regulations and regulatory policies. This could increase the risks of non-compliance and regulatory actions in the form of fines, restrictions or other sanctions for instances of regulatory failures. The failure to comply with applicable regulations by employees, representatives, agents, third-party service providers either in or outside the course of their services, may result in inquiries or investigations by regulatory and enforcement authorities either against the Bank, or its employees, its representatives, agents and third-party service providers.

MITIGANTS

The Bank has a dedicated compliance team that continuously monitors new developments and updates the Bank’s senior management on their implications. All relevant groups in the Bank build capabilities on an ongoing basis to be able to respond to regulatory changes in a time-bound manner. The Bank also actively participates in forums and advisory groups for the development of policies in the financial sector. The Bank seeks to have a strong compliance culture driven by the organisation’s leadership. There are wellarticulated policies with regard to code of conduct, whistleblower complaints, redressal mechanism for complaints and engagement with agents and thirdparty vendors. The Bank also benchmarks and seeks to adopt industry-best practices.

Reputation

RISKS

Any negative publicity arising due to actual or alleged conduct including lending practices and credit exposures, the level of non-performing loans, corporate governance, regulatory compliance, sharing or inadequate protection of customer information and actions taken by the government, regulatory bodies and investigative agencies could impact the Bank’s reputation. It can also impact the Bank’s ability to attract or retain customers and expose it to litigation and regulatory action.

MITIGANTS

The Bank has a Reputation Risk Management Group which identifies, assesses and monitors the risk in accordance with defined policies and procedures. Further, the Bank has well-articulated policies on various aspects including business conduct, employee conduct, compliance, IT and other relevant identified areas that could potentially create reputation risks for the Bank.

Employee

RISKS

The ability to attract, motivate and retain talented professionals and the availability of skilled management is critical for the success in implementing the Bank’s strategy and competing effectively. The loss of key senior executives or qualified young professionals and failure to replace them in a time-bound manner could impact the business.

MITIGANTS

The Bank has an employee-centric value proposition of Saath Aapka (which means ‘With You’) that focusses on learning, meritocracy and care for its employees. The Bank has put in place robust programmes and policies that provide opportunities for employees to build leadership capabilities.

International

RISKS

The Bank has a presence in multiple overseas jurisdictions, through its branches and subsidiaries, which can expose it to a variety of regulatory, legal and business challenges and increase the complexity of risks. Enhanced regulations in these countries could lead to additional scrutiny. There could also be risks arising from political changes in these jurisdictions.

MITIGANTS

The Bank’s strategy for international business is largely focussed on India-linked opportunities. There is a dedicated team overseeing the risks associated with its branches within the Bank’s Risk Management Group. Further, specific teams have been set up at local jurisdictions to get a ground- level understanding of country specific regulatory and business requirements. The Bank’s Compliance Group oversees regulatory compliance at the overseas branches, International Financial Service Centre (IFSC) and overseas banking units.