Risk Governance and Management Framework

Risk Governance Framework

As a financial conglomerate, the Bank is exposed to various risks, primarily credit risk, market risk, liquidity risk, operational risk, technology risk, cyber risk, compliance risk, legal risk and reputation risk. ICICI Bank is committed to managing material risks and participating in opportunities as part of the strategic approach of risk calibrated growth in core operating profit.

The Board of Directors of the Bank has oversight of all risks in the Bank with specific Committees of the Board constituted to facilitate focussed oversight. The Board has framed a specific mandate for each of these Committees. The proceedings and the decisions taken by these Committees are reported to the Board. The policies approved by the Board of Directors or Committees of the Board, from time to time, constitute the governing framework within which business activities are undertaken.

With a focus on responsible and sustainable growth, ICICI Bank continuously endeavours to maintain effective governance, a strong risk culture and robust enterprise risk management framework.

The Bank also has a Financial Crime Prevention Group (FCPG) to oversee/handle fraud prevention, detection, investigation, monitoring, reporting and creating awareness about fraud risk management.

The Bank has put in place an Enterprise Risk Management (ERM) and Risk Appetite Framework (RAF) that articulates the risk appetite and drills down the same into a framework with thresholds for various risk categories under which the business lines operate. In addition to the ERM and RAF, portfolio reviews are carried out and presented to the Credit and Risk Committees as per the approved calendar of reviews.

In addition, the Internal Capital Adequacy Assessment Process (ICAAP) encompasses capital planning for a four-year time horizon, assessment of material risks and the relationship between risk and capital. Stress testing, which is a key aspect of the ICAAP and the risk management framework, provides an insight on the impact of extreme but plausible scenarios on the Bank’s risk profile and capital position.

Responding to Risks

ICICI Bank has a robust process to identify and monitor risks and respond appropriately. The Bank continuously reviews and enhances the methods for identification and assessment of risks, sets appropriate metrics and controls, and mitigants for managing significant risks. This is further strengthened by investing in capability building and using artificial intelligence (AI)/machine learning (ML) techniques to enhance credit underwriting and early warning capabilities. The effectiveness of the Bank’s risk management is reflected in the Bank's strong balance sheet during the year, yielding sustainable risk-calibrated growth and significant value creation for shareholders.

Apart from the traditional risks, the Bank is also cognisant of emerging new-age risks like climate change.

The Bank adopted the Risk and Compliance Culture Policy in fiscal 2022, to strengthen its culture and encourage adoption of values, code of conduct and appropriate ways of doing business among employees.

A dedicated team within the Risk Management Group has been set up to develop a framework to assess the physical and transition risks of companies in the Bank’s portfolio, and integrate these risks as part of the credit evaluation process. The Bank has also been participating at various industry and regulatory forums for providing collaborative inputs on climate policy-making for the Indian banking industry.

Risk and Compliance Culture

ICICI Bank recognises the importance of establishing an effective framework and supporting processes that uphold a strong risk and compliance culture, where every action is in the interest of customers and the Bank. There is also a continuous endeavour to embed relevant principles and communicate the organisation's culture on an ongoing basis.

The Risk and Compliance Culture Policy articulates the guiding principles for effective implementation of the policy.

The effective implementation of the policy includes a governance framework with roles and responsibilities of the Board, MD & CEO, Executive Directors and the Risk and Compliance Culture Council. All employees are encouraged to align with the guiding principles while conducting their activities. In addition, business compliance officers have been appointed within functional teams to strengthen compliance practices.

Group Code of Conduct and Business Ethics

ICICI Bank is committed to act professionally, fairly and with integrity in all its dealings by adopting the highest business, governance, ethical and legal standards. To aid in achieving this objective, the Bank has formulated several policies and guidelines that assist employees in maintaining these high standards. The Bank also employs several modes of checks and balances to ensure adherence to its policies.

The ICICI Group Code of Business Conduct and Ethics provides the values, principles and standards that should drive decisions and actions of employees of the Bank. The Code is also the Bank’s commitment to its stakeholders for adhering to the highest ethical standards.

All new employees are required to mandatorily complete training/e-learning modules pertaining to Code of Conduct, Information Security and Data Privacy, Anti-Money Laundering and other compliance-related areas that are critical and sensitive.

Anti-Bribery and Anti-Corruption Policy

As a global bank, ICICI Bank is subject to the Prevention of Corruption Act, 1988 (POCA) in India, the Foreign Corrupt Practices Act (FCPA) in the United States of America and similar applicable anti-bribery regulations as amended/enacted from time to time in other jurisdictions where the Bank does business and as may be applicable. The Bank has a zero-tolerance approach to bribery and corruption. The Bank has a well-defined Anti-Bribery and Anti-Corruption policy articulating the obligations of employees in these matters. The Bank’s third-party service providers and vendors are also required to adhere to the Bank’s Anti-Bribery and Anti-Corruption policy, including providing an annual self-declaration confirming their compliance. Apart from an annual review of the policy, the Bank also undertakes a periodic external risk assessment of the policy at least once in three years. The last risk assessment was conducted in fiscal 2021, and no material gaps were identified. The Bank’s Vigilance Committee reviews matters pertaining to bribery and corruption.

Group Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) Policy

The Bank has a Board-approved Group Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) Policy. The basic purpose of the policy is to establish a global AML/CFT framework for the Bank to participate in the international efforts against money laundering and ensure that the Bank is not used as a vehicle for money laundering. The policy specifies a risk-based approach in implementing the AML framework. AML standards of the Bank are primarily based on two pillars, namely, Know Your Customer (KYC) and monitoring/reporting of suspicious transactions. The KYC procedures include customer identification and verification requirements. The policy also specifies monitoring of transactions on pre-defined rules as per the regulatory guidelines, and any suspicious transactions found are required to be submitted to the concerned reporting authorities. The Bank uses a name screening procedure to ensure that any person with a known criminal background or a banned entity is not taken on-board as a customer.

For the purpose of avoiding proliferation financing/terrorism financing, the Bank maintains lists of individuals or entities issued by the Reserve Bank of India, the United Nations Security Council and other regulatory and enforcement agencies. Further, the Bank also maintains internal lists as per its decision from time to time. In addition, while handling cross-border transactions, the Bank carries out screening of names involved in a transaction against sanctions lists and other negative lists, as applicable.

The Audit Committee supervises implementation of the Group AML/CFT Policy framework. Adequate training programmes are conducted for all employees through suitable training modules covering the risks of non-compliance with AML regulations, requirements relating to KYC procedures, methods for recognition of suspicious transactions or suspicious behaviour of a client, tipping off, sanctions screening process etc.

Whistle Blower Policy

The Bank has formulated a Whistle Blower Policy, which is periodically reviewed by the Board. The policy comprehensively provides an opportunity for any employee (including directors), secondees or stakeholders of the Bank to raise any issue concerning breaches of law, accounting policies or any act resulting in financial or reputation loss and misuse of office or suspected or actual fraud. The Bank has instituted multiple modes for reporting concerns including emailing designated email IDs, utilising integrated voice recording system to call and leave a voice message, writing a letter to the designated officials or utilising the whistle blower case management system through a prominently placed link on the Bank’s intranet. The policy has been periodically communicated to the employees. Issues raised under the Whistle Blower Policy are investigated for appropriate action, including an assessment of the impact on financial statements, if any. Concerns received under the Whistle Blower Policy are periodically reported to the Audit Committee. The Whistle Blower Policy complies with the requirements of vigil mechanism as stipulated under Section 177 of the Companies Act, 2013 and other applicable laws, rules and regulations. The details of the Whistle Blower Policy/vigil mechanism have been disclosed on the website of the Bank at (https://www.icicibank.com/about-us/other-policies).

Group Compliance Policy

In addition, the Board-approved Group Compliance Policy lays down the compliance framework with emphasis on ensuring that products, customer offerings and activities conform to relevant rules and regulations and adhere to the Bank's ethos of 'Fair to Customer, Fair to Bank'.

All the key policies of ICICI Bank are regularly reviewed and enhanced to ensure relevance, adherence to regulations and adoption of best practices on an ongoing basis. The Bank undertakes periodic training sessions and sends information mailers, as part of knowledge-enhancement and awareness, to employees. The frequency of messages is high with regard to areas like fraud risk management, data privacy, cybersecurity, compliance policies, conflict of interest, sexual harassment, etc. The Bank is committed to constantly reviewing its governance practices and frameworks, with a focus on staying updated and responsive to the dynamic and evolving landscape, and acting in the best interest of all stakeholders.
