I. MANDATES

a. Risk Oversight Committee

The Risk Oversight Committee shall advise the Board of Directors on the Bank’s overall risk appetite, oversee senior management’s adherence to its risk appetite statement, and report on the Bank’s risk culture state.

b. Risk Management Department

The Risk Management function is performed by Risk Management Department (RMD) and is independent from those who take or accept risk on behalf of the institution. It is primarily responsible for identifying, measuring, monitoring, controlling, and reporting various risks that are inherent in the Bank’s activities. It shall primarily assist the Risk Oversight Committee in the discharge of its duties and responsibilities.

c. Chief Risk Officer

The Chief Risk Officer (CRO) shall be responsible for overseeing the risk management function and shall support the board of directors in the development of the risk appetite and risk appetite statement of the Bank. The CRO shall have direct access to the board of directors and the ROC without any impediment. He shall serve on a full-time basis and report to the board of directors.

II. RISK DESCRIPTIONS

1. Credit Risk – Credit risk is the largest single risk that the bank faces. This occurs when a counterparty fails to meet the terms of any contract that was agreed upon with the bank. Credit policies and practices of the bank are generally sound to prevent or mitigate credit risks. Credit ratios should likewise stay within manageable and acceptable levels.

2. Market Risk – Market risk is the possibility of loss due to changes in market prices and rates, the correlations among them and their levels of volatility. It involves liquidity and price risk. Both risks are managed through a common structure and process but use separate conceptual and measurement frameworks that are compatible with each other. The bank applies various form of Value-at-Risk (VAR) methodology in the trading books and balance sheet.

3. Liquidity Risk – Liquidity risk refers to the risk of not having sufficient cash or borrowing capacity to meet depositors’ withdrawals, net loan demand and other cash requirements. The bank has maintained adequate reserve position and has been a consistent interbank lender. It has not resorted to external borrowings and has a balanced source of funding from deposits and capital.

4. Operational Risk – Operational risk, which includes Legal Risk, refers to the risk of loss resulting from inadequate or failed internal processes, people and systems; or from external events. The bank has created and maintained a robust operating environment and system that ensures and protects the integrity of the company’s assets, transactions, records and data.

5. Compliance Risk – Compliance risk refers to risk to earnings or capital arising from violations of or non-conformance with laws, rules, regulations, prescribed practices, or ethical standards. The bank has a separate Compliance Department that handles all compliance issues with concerned regulatory bodies.

6. Strategic Risk – Strategic Risk is the current and prospective impact on earnings or capital arising from unfavorable business decisions and lack of foresight to respond immediately to industry changes. This risk is a function of the compatibility of an organization’s strategic goals, the business strategies and resources to meet those goals. Resources include communication channels, operating systems, delivery networks, and managerial capacities and capabilities. The organization’s internal characteristics must be evaluated against the impact of economic, technological, competitive, regulatory, and other environmental changes.

7. Reputational Risk – Reputational Risk is the current and prospective impact on earnings or capital arising from negative public opinion. This affects the bank’s ability to establish new relationships or services or continue servicing existing relationships. This type of risk may expose the bank to possible litigation, financial loss, or a decline in its customer base that could affect deposits. Reputation risk exposure is present throughout the organization and an abundance of caution needs to be exercised when dealing with customers and the community.

III. RISK MANAGEMENT PROCESS

Risk Management is a discipline at the core of every financial institution and encompasses all banking activities.

Risk Identification

In order to manage risks, an institution must identify existing risks or risks that may arise from both existing and future business initiatives. Risks inherent in lending activity include credit, liquidity, interest rate and operational risks. Risk identification should be a continuing process, and should occur at both the transaction and portfolio level.

Risk Measurement

Once risks have been identified, they should be measured in order to determine their impact on the institution’s profitability and capital. This can be done using various tools ranging from simple to sophisticated models.

Accurate and timely measurement of risks is essential to an effective risk management system. An institution that does not have a risk measurement system has limited ability to control or monitor risk levels. An institution should periodically test to make sure that the measurement tools it uses are accurate. Good risk measurement systems assess the risks of both individual transactions and portfolios

Risk Mitigation

After measuring risk, an institution should establish and communicate risk limits through policies, standards, and procedures that define responsibility and authority. Institutions may also apply various mitigating tools in minimizing exposure to various risks. Institutions should have a process to authorize exceptions or changes to risk limits when warranted.

Risk Monitoring

Institutions should put in place an effective management information system (MIS) to monitor risk levels and facilitate timely review of risk positions and exceptions. Monitoring reports should be frequent, timely, accurate, and informative and should be distributed to appropriate individuals to ensure action, when needed.