Risk management is the systematic process of identifying, assessing and mitigating the principal business risks that SICO faces. Risk management is essential to the Bank’s success, and risks can be mitigated by establishing appropriate controls to manage these risks; and ensuring that all appropriate monitoring and reporting processes are in place.
Rist Management Framework
SICO maintains a strong focus on its risk management framework, capital management and governance structure; and adopts a structured, consistent and disciplined methodology to align business strategy, processes, people, technology and knowledge, in order to evaluate and manage its risks. The Bank’s approach is based on a simplified risk management framework for active investment banks with non-complex activities or transactions.
Risk Control Structure
SICO has put in place a well-disciplined control functions organisational structure to support the business strategy and risk management of the Bank.
SICO’s Board and Senior Management are responsible for understanding the nature and level of risks faced by the Bank; and for ensuring that the risk management process chosen is appropriate, considering the risk profile of SICO. Senior Management is responsible for ensuring that there is a process to relate the business risk to an adequate level of capital, setting the tolerance for various risks, and putting in place the framework and process for measuring and monitoring compliance.
SUMMARY OF BOARD AND COMMITTEES’ RESPONSIBILITIES
The BOD is primarily responsible for approving the business’s risk strategy/appetite, sound policies, guidelines and procedures to manage risks arising out of SICO’s business activities. These policies are consistent with the Bank’s broader business strategies, capital strength, management expertise, and ability to control risk.
The BIC is the second point where decision making of SICO’s investment activities is considered. This committee approves investments within its discretionary powers as delegated by the Board; and in some cases the BIC recommends proposals to the Board for its approval.
In addition to its overview of the Internal Audit Unit, the Audit Committee provides sound support to the Compliance Framework, which includes internal, regulatory and operational risk.
The NRCG contributes to the control framework by nominating qualified Board members and the CEO. It alsoapproves the remunerations which factor in the risk taken by the business, and also looks into corporate governancerelated issues.
The Management Committee that comprises from the Bank’s senior management members. It reviews the overall performance of the Bank, discusses and assesses implications of new initiatives, and contributes to the ongoing strategy of the Bank.
ALIC is a management committee that sets the investment philosophy and guidelines, and monitors the performanceof the proprietary investments and treasury activities.
AMC is a management committee that oversees the fiduciary responsibilities carried out by Asset Management in managing clients’ discretionary portfolios, as well as funds operated and managed by SICO.
Summary of Control Unit Responsibilities
RMD is responsible for establishing a sound risk management framework and appropriate risk structures to assist the Bank in the realisation of its business objectives and continued development. It also provides oversight of risk management and risk controls across the organisation by coordinating and communicating with each business unit to manage the risks that arises for its business line; and ensure that the principles and requirements of managing risk are consistently adopted throughout the Bank.
The Compliance unit within SICO is responsible for internal compliance, regulatory compliance, operational risk, and KYC & AML functions. It mainly ensures compliance with internal and external rules and regulations, and is responsible for implementing the compliance framework across the entire Bank.
Internal Audit provides an additional line of defense within the Bank’s risk management and control framework. Internal Audit is primarily responsible for providing independent and objective assurance that the process for identifying, evaluating and managing significant risks faced by the Bank is appropriate and effectively applied by the business units, control functions and senior management.
Identification of the various risks that impact the various business activities of SICO.
This step is to quantify the risks identified in the risk identification process. It creates the objective basis for decision making, and enables senior management to make decisions regarding SICO’s riskbearing capacity within the framework.
This step allocates internal capital to each of the risks identified and quantified in the risk identification process. It creates the objective basis for decision-making, and enables senior management to make decisions regarding SICO’s risk-bearing capacity within the framework of the ICAAP.
Once risks have been identified and quantified, individual risks are aggregated to determine SICO’s risk exposure and impact.
SICO has established various tolerance limits based on the overall risk strategy of the Bank. These limits will be revised periodically, taking into account the changing market and economic conditions. SICO has established a comprehensive limit framework to monitor its exposure to all significant applicable risks.
The risk monitoring process ensures that SICO’s risk profile remains in line with its risk preferences. In this context, there is a standardised procedure for dealing with increasing levels of limit utilisation and limit overruns.
The Bank’s risk management framework and strategy defines the risk appetite based on the type of risk that SICO is exposed to through its business activities which are in line with business strategy and objectives.
The broad risk types that the Bank is exposed to are:
Market risk (can also be considered as Systemic risk) is the risk of loss in the value of any financial instrument due to an adverse fluctuation in equity prices, interest rates and foreign exchange rates, whether arising out of factors affecting a specific instrument or the market in general.
The Bank’s market risks arise primarily from its investment and trading activities that are conducted by its Investment Unit. SICO invests and trades across different products, such as equities and fixed income, and through different types of funds in regional and international markets. Market risk is mitigated by having in place guidelines that clearly outline stringent risk limits and allocations.
Market risk also encompasses the following risks which SICO is exposed to, and are being effectively managed as a part of the Market Risk Management strategy:
Equity Price Risk
A significant portion of SICO’s proprietary trading and available-for-sale portfolios comprise equity instruments, and are therefore affected by equity price risk. Uncertain conditions in the equity markets are carefully considered by rebalancing asset allocations to minimise risk exposures. This risk is also mitigated by managing the portfolio within duly approved investment guidelines and other investment limits. These are closely monitored by RMD, and regularly reviewed by ALIC. SICO’s risk management approach continues to be forwardlooking, proactive, and highly effective in rebalancing its investment portfolio in line with the Bank’s investment strategy, to ensure capital preservation, quality and liquidity.
Interest Rate Risk
Interest rate risk is the risk where changes in market interest rates might adversely affect the Bank’s financial condition.Investments in debt instruments, placements, deposits and borrowings give rise to interest rate risk. Treasury carefully monitors and manages these exposures in order to mitigate this risk. A reasonable spread is maintained between money market placements and deposit interest rates. Treasury assets and liabilities are maintained in closely-matching maturity buckets in highly-liquid short-term money market vehicles to avoid any material mismatch. Medium-term debt instruments are largely intended to be held to maturity. SICO does not trade speculatively in derivatives. The Bank applies stress testing to monitor interest rate shock on its banking book on a periodic basis.
A substantial portion of SICO’s business is transacted in Bahraini Dinar, GCC currencies and United States Dollar. The Bank’s exposure to foreign currencies is minimal and hence the foreign exchange risk is low. Foreign exchange rate risk is managed by applying appropriate limits that are set in accordance with the Bank’s strategic plans and risk tolerance, determined by ALIC and approved by the Board of Directors. Treasury manages these positions on an ongoing basis, hedging such exposures as appropriate, while RMD along with ALIC regularly reviews such positions.
Market risk is controlled primarily through a series of different layers of limits and maintaining a dynamic investment allocation. These limits reflect the Bank’s risk appetite in the context of the market environment and business strategy. In setting limits, SICO takes into consideration many factors, including market volatility, product liquidity and risk appetite. Market risk is monitored and also controlled by policies and practices that are put in place and practiced across the Bank. The policy framework establishes and clearly defines the approval authorities and portfolio review parameters.
Credit risk is the risk of loss arising from a borrower’s or counterparty’s inability to meet its contractual obligations and causes SICO to incur a financial loss. Investments in debt instruments, managed funds, and placements with counterparty banks, give rise to credit risk. Counterparty credit risk arises vis-à-vis customers and counterparty brokers. The Bank is exposed to credit risk through many of its activities such as the Asset Management, Investment and Treasury departments, where deals are routed through counterparty brokers and give rise to counterparty credit risk.
Credit Risk Management works in coordination with the business in identifying and aggregating exposures. Credit risk is mitigated by a focused target market approach towards institutional and experienced, sophisticated high net worth investors. The Bank’s main credit risk related activities are:
Credit Risk also encompasses the following risks which SICO is exposed to and are being effectively managed as a part of the credit risk management strategy:
SICO deals with different counterparties for its money market placements, brokerage and REPO. To measure counterparty risk, the Bank employs several methodologies for estimating the likelihood of obligor or counterparty default, of which SICO uses an internal rating model to assign ratings to each of its counterparties by applying qualitative and quantitative factors.
SICO is exposed to settlement risk through its brokerage services on unfunded deals where exposure remains until settlement. The Bank applies several assessments against its clients during the screening and on subsequent basis to minimise settlement risk.
As part of SICO’s Margin Trading facilities and Reverse REPO, it is exposed to the risk of default wherein individuals and corporates may be unable to make the required payments on their obligations. The Bank accepts only liquid securities as collateral, and also applies haircuts on the collateral value, which acts as a margin of safety in case it is to offset the collateral against the outstanding obligations.
For the measurement of the above credit risk components, SICO employs several methodologies for mitigating the credit
risk. The Bank also uses ratings issued by rating External Credit Assessment Institutions (ECAI) which are also called rating agencies such as Standard & Poor’s, Moody’s and Fitch, to derive the risk weightings under the CBB’s Basel II capital adequacy framework, and as part of its internal rating model. These ratings are used mainly for banks and FIs, but also where applicable, for other exposures such as debt instruments. Where ratings vary between rating agencies, the most conservative measure is adopted.
Credit risk is monitored and controlled by policies and practices that are put in place by RMD, and that have been approved by the Management and the Board where required. The policy framework establishes approval authorities, concentration limits, risk-rating methodologies, and guidelines for management of exposures. For lending exposures such as Margin Trading and Reverse REPO, financial securities that are obtained as collateral are of liquid in nature and appropriate haircuts are also applied on them. The lending exposures are closely monitored along with their collaterals, which are marked to market on a daily basis including triggers such as margin calls. The Bank also adheres strictly to the large exposure norms as prescribed by the Central Bank of Bahrain under the credit risk management module.
Concentration risk arises when the Bank’s investments/placements exposure is concentrated with one or more related counterparties, or assets class, or sector, or geography. Weakness in the counterparty or assets, sector, or country may place SICO under considerable risk and potential loss.
SICO complies strictly with the single counterparty exposure norms prescribed by the CBB. As at 31 December 2014, there were no exposures in excess of the 15% large exposure limit as defined in the CM Module of the CBB’s rule book.
The geographic and sector distribution of SICO’s investments are disclosed in the financial statements, and the credit exposure geographic and sector distribution are disclosed under the Pillar 3 section. The other exposures of the Bank consist mainly of cash and bank balances, and receivables from clients. These are concentrated predominantly in the GCC.
SICO continues its effort to maintain an acceptable level of concentration in each of these categories by adhering to the limits set as per the Investment guidelines, and in return tries to capitalise on growth opportunities in various strategies in the international market and as diversification to the concentration risk in the region.
Liquidity risk is the inability to meet contractual and contingent financial obligations, on- or off-balance sheet, as they come due, as a result of the potential inability to liquidate its financial assets at the required time and price, in order to cope with a payout of liabilities or investment obligations in assets. Such risk may arise from a depletion of cash and cash equivalents, investments turning illiquid, and mismatches in the maturity pattern of assets and liabilities. Measuring and managing liquidity needs are vital for the effective operation of investment banks. As the investment horizon remains uncertain due to market volatility, a high proportion of SICO’s total assets is preserved in cash and cash equivalents from time to time.
The Bank’s Treasury Unit manages this risk by monitoring settlement obligations and maintaining sufficient liquid assets,
including call deposits and short-term placements. SICO’s liquidity position is monitored on a daily basis, and maturity mismatches of Bank’s maturity profile are also monitored and reported to the Board periodically.
This is the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses.
Unlike market or credit risks, which are systemic in nature, operational risk is institution-specific and is inherent in the day to-day operations of SICO. This risk could arise from a broad spectrum of causes such as deficient transaction processing, business practices, workplace practices, system failures, human errors, business interruptions and damage to physical assets.Operational risk also includes internal and external fraud.
Operational risk also encompasses other risks and areas such as:
- Reputational Risk
- Legal Risk
SICO has in place sound internal control measures, consisting of an operating policies and procedures framework, compliance initiatives, and adequate and skilled personnel, which are the key to successful operational risk management. The Bank has a very conservative control philosophy, and adopts a number of mechanisms to manage this risk. These include a well-defined organisational structure, approved policies and procedures guidelines, segregation of duties, approval authorities, periodical reconciliations, and various limits. Internal Audit and Compliance functions support this activity.
The Bank has a process for monitoring operational risk, by conducting Risks and Controls Self-Assessments, identifying key risks, nominating Operational Risk Coordinators (ORCs) in each department to identify, monitor and report, prevent or control operational risks, and report any risk incidents to RMD on a timely basis. RMD will conduct an analysis of such incidents and follow up any corrective action required.
SICO has in place business continuity plans (BCP) to ensure the Bank’s business operations and functions are carried out in case of disturbances or unexpected events effecting the business operations. The BCP provide each business line with the necessary guidelines and procedures in case of an emergency or disaster. The Bank has established a business continuity centre within the Kingdom of Bahrain, which maintain full operational status and are capable of carrying out the majority of the Bank’s operational activities. The effectiveness of business continuity centres has been stress tested by conducting actual business for one day from the BCP site. Continuous updates of the BCP are performed annually, to ensure that it is kept up to date.
Compliance risk is risk of current and prospective risk to earnings or capital arising from violation of, or non-compliance with, laws, regulations, rules, prescribed practices, contractual agreements or ethical standards. A major source of this risk in the present context of regulatory regime, and as a licensed market operator, would be sanctions due to non compliance with the regulatory directives. Compliance risk can lead to diminished reputation, limited business opportunities, reduced expansion potential, and even to cessation of operations. Hence compliance has to ensure adherence with primary legislation, rules and standards issued by the Central Bank of Bahrain, the Bahrain Bourse, market conventions, and internal codes of conduct applicable to staff. SICO adopts a top-down approach to compliance, with the Board and Management leading by example.
The Risk Management Department carries out risk assessment on the various fiduciary activities by working alongside with the Bank’s relevant lines of business and committees, to ensure that SICO fulfills its fiduciary duties against the asset management, fund administration and custody clients, wherein it adopts the appropriate standards relative to the fiduciary relationship with a client. Below are the various activities carried out by SICO and the Bank’s subsidiary, SICO Funds Services Company (SFS), which can give rise to the following fiduciary risks:
Asset Management: Assets under management have a range of controls to support the quality of the investment process, supervised by the Asset Management Committee (AMC). There are operating policies and procedures, Investment Guidelines coupled with dedicated buy-side research, and other guidelines to support this activity. There are also strict operational controls to protect clients’ assets, a staff code of conduct, and ‘Chinese Walls’ to avoid any conflicts of interest.
RMD and Compliance units regularly monitor the activities of the Asset Management division, and report their findings and observations to the AMC, and in the periodic compliance reports sent to clients.
Custody and Fund Administration: This Bank’s custody and fund administration activities are handled by SICO Funds Services Company (SFS), which operates as a standalone subsidiary. SFS has a put in place a number of operating controls, including the monitoring and reporting of securities position reconciliations.
Corporate Finance: This activity is subject to legal and reputation risk. Such risks are mitigated by obtaining the necessary legal and regulatory approvals. Advisory and underwriting matters are monitored and controlled by senior management.