Annual Report 2018-19
Key Risks Impacting the Bank’s Business

Macroeconomic uncertainties

RISKS

Developments in the Indian economy could have a material impact on growth and value creation in the Bank’s business. The Bank’s presence in international markets also exposes it to risks from global developments. Uncertainties exist due to India’s high dependence on global crude oil and capital requirements, evolving policy environment and need for sustainable job creation.

MITIGANTS

The Bank closely monitors developments in the global and Indian economy. It has a dedicated team for monitoring and evaluating the impact of macroeconomic trends. The Bank has an established Country Risk Management Policy which addresses the identification, measurement, monitoring and reporting of country risk. The Bank’s risk team continuously monitors all sectors as well as corporates within the sectors and country risks.

Credit

RISKS

The Bank’s core business is lending which exposes it to various types of credit risks, especially failure in repayments and increase in non-performing loans. The Bank’s loan portfolio includes retail loans, loans to rural and semi-urban customers, to small and medium enterprises and wholesale loans which are vulnerable to economic risks. Banks in India are subject to directed lending requirements that yield low returns. Further legal and regulatory changes and increasingly stringent requirements regarding non-performing loans and other weak borrowers and provisioning for such loans could also be a risk.

MITIGANTS

The credit related aspects in the Bank are primarily governed by the Credit and Recovery Policy approved by the Board of Directors. The Bank measures, monitors and manages credit risks at an individual borrower level and at the portfolio level. In the last few years, the Bank has strengthened its Enterprise Risk Management and Risk Appetite framework for managing concentration risk, including limits/thresholds with respect to single borrower and group exposure. Limits have been set up for borrower group based on turnover, track record and rating of borrowers. The Bank has pursued a strategy of building a granular and diversified portfolio and lending to better rated corporates. Introduction of Insolvency and Bankruptcy Code and Credit Bureaus act as a deterrent for borrowers to default.

Market and liquidity

RISKS

Movement in interest rates, foreign exchange rates, credit spreads and equity prices could impact the Bank’s net interest margin, the value of the trading portfolio, income from treasury operations and the quality of the loan portfolio. Banks in India are subject to statutory liquidity ratio requirement, capital and liquidity requirements that structurally exposes them to interest rate risks and liquidity risks. Regulatory changes relating to interest rates or markets could create risks. Further, deposits are an important source of funding which are primarily short-term in nature and banks face the risk of asset-liability mismatches if deposits are not rolled over by depositors.

MITIGANTS

The Investment Policy, Asset Liability Management Policy and Derivatives Policy, approved by the Board of Directors, govern the treasury activities and the associated risks and contain the limits structure. The Asset Liability Management Committee which includes the MD & CEO, wholetime directors and senior executives periodically reviews the Bank’s business profile and its impact on asset liability management. Periodic monitoring is done by the Market Risk Management Group which recommends changes in policies, processes and methodologies. Building a strong liability franchise is a core strategic focus for the Bank.

Operational

RISKS

There is a risk of loss resulting from inadequate or failed internal processes, people or systems or from external events. This could include fraud or other misconduct by employees or outsiders, unauthorised transactions by employees and third parties, misreporting or non-reporting with respect to statutory, legal or regulatory reporting and disclosure obligations, operational errors including clerical and record keeping and system failures.

MITIGANTS

The Bank has put in place a system of internal controls, systems and procedures to monitor transactions, key back-up procedures and undertakes regular contingency planning. The governance and framework for managing operational risks is defined in the Operational Risk Management Policy.

Technology

RISKS

Rapid technological developments and the increasing dependence on technology, combined with the continuous digitisation in banking activities have exposed banks to a host of new risks like obsolescence of IT systems, IT resiliency and business continuity, technology vendor/third party risk, incorrect/inadequate data backups, inadequate change management practices, ineffective identity and access management leading to unauthorised access to IT systems, budget over-runs in IT projects, regulatory non-compliance and other relevant matters. Misalignment between business and IT strategies is also a formidable risk.

MITIGANTS

The Bank’s Information Technology Strategy Committee ensures that information technology strategy is aligned with the business strategy. The Committee meets periodically to review ongoing IT projects and their schedules, major IT incidents, technology risk indicators and status of regulatory compliance. The Bank has established policies and control frameworks on change management, logical access management, IT outsourcing and Data Centre processes to ensure that the risks are identified and appropriate mitigating controls are put in place. In addition to this, independent assessments of IT processes are carried out by the Internal Audit Group periodically to provide assurance on the effectiveness and efficiency of IT systems and processes.

Cyber

RISKS

Increasing reliance on technology and digitisation increases the risks of cyber attacks including computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, unauthorised data access, attacks on personal emails of employees, application vulnerability and other security breaches. This could negatively impact the confidentiality, integrity or availability of data pertaining to the Bank and its customers. Given the nature of the new digital economy, the Bank has business and operational relationships with third parties and these could also be sources of information security risk.

MITIGANTS

The Information Technology Strategy Committee oversees cyber security related threat landscape and the Bank’s preparedness to address these from a prevention, detection and response perspective. The Chief Information Security Officer is responsible for tracking the risks. Confidentiality, Integrity, and Availability form part of a comprehensive information security framework that the Bank has put in place. The Bank also lays emphasis on customer elements and has invested in the areas of phishing protection, adaptive authentication, awareness initiatives and has also taken industry-leading initiatives in providing customers with an easy and immediate ability to configure their risks and limits.

Compliance

RISKS

The environment for financial institutions is seeing unprecedented changes in laws, regulations and regulatory policies. This could increase the risks of compliance and regulatory action in the form of fines, restrictions or other sanctions for instances of regulatory failures. The failure to comply with applicable regulations by employees, representatives, agents, third-party service providers either in or outside the course of their services, may result in inquiries or investigations by regulatory and enforcement authorities either against the Bank, or such employees, its representatives, agents and third-party service providers.

MITIGANTS

The Bank has a dedicated compliance team that continuously monitors new developments and updates the senior management on their implications. All relevant groups in the Bank build capabilities on an ongoing basis to be able to respond to regulatory changes in a time-bound manner. The Bank also actively participates in forums and advisory groups for the development of policies in the financial sector. The Bank seeks to have a strong compliance culture driven by the leadership team. There are well-articulated policies with regard to code of conduct, whistleblower complaints, redressal mechanism for complaints and engagement with agents and third-party vendors.

Reputation

RISKS

Any negative publicity arising due to actual or alleged conduct including lending practices and credit exposures, the level of non-performing loans, corporate governance, regulatory compliance, sharing or inadequate protection of customer information and actions taken by the government, regulatory bodies and investigative agencies could impact the Bank’s reputation. It can also impact the Bank’s ability to attract or retain customers and expose it to litigation and regulatory action.

MITIGANTS

The Bank has a Reputation Risk Management Group which identifies, assesses and monitors the risk in accordance with defined policies and procedures. Further, the Bank has well-articulated policies on various aspects including business conduct, employee conduct, compliance, IT and other relevant identified areas that could potentially create reputation risks for the Bank.

Employee

RISKS

The ability to attract, motivate and retain talented professionals and the availability of skilled management is critical for successfully implementing the Bank’s strategy and competing effectively. The loss of key senior executives or qualified young professionals and failure to replace them in a time-bound manner could impact the business.

MITIGANTS

The Bank has an employee centric value proposition of Saath Aapka (which means ‘With You’) that focuses on learning, meritocracy and care for its employees. The Bank has put in place robust programmes and policies that provide opportunities for employees to build leadership capabilities.

International

RISKS

The Bank has a presence in multiple overseas jurisdictions, through its branches and subsidiaries, which can expose it to a variety of regulatory, legal and business challenges and increase the complexity of risks. Enhanced regulations in these countries could lead to additional scrutiny. There could also be risks arising from political changes in these jurisdictions.

MITIGANTS

The Bank’s strategy for international business is largely focussed on India-linked opportunities. There is a dedicated team overseeing the risks associated with its branches within the Bank’s Risk Management Group. Further, specific teams have been set up at local jurisdictions to get a ground-level understanding of country specific regulatory and business requirements. The Compliance Group oversees regulatory compliance at the overseas branches and banking units.