The Bank continuously evaluates it's risk management framework for appropriateness and relevance in the wake of increasing intensity of regulatory supervision and various emerging developments.
Approach to risk management
With substantially lower return on assets (ROA) due to the nature of the business of financial intermediation and maturity transformation, banks operate at higher levels of gearing to be able to generate acceptable level of returns to investors that are attractive in terms of return on equity (ROE). This process does, however, expose banks to a multitude of industry specific risks to a greater degree than those faced by other organisations. To mitigate such risks and to optimise the trade-off between risk and return it is imperative for banks to have an effective and integrated enterprise risk management infrastructure in place.
Apart from the risks that are inherent in financial intermediation and maturity transformation, emerging global developments are now threatening to disrupt the conventional business models of banks. While the COVID-19 pandemic brought about its own share of risks to the banking and financial services sector, there is a range of other risks involved. These include digitalisation; disruptive competition from fintechs; demographic changes; increased regulation specifically around anti-money laundering, consumer protection and privacy laws; cybersecurity threats and increasing concerns on sustainability (refer Operating Context on page 27 and Materiality of page 37).
Remaining in compliance with the regulations of the Saudi Central Bank (SAMA) is a key priority for the Bank. SAMA is recognised for its strong and sound implementation of prudential regulation and standards in promoting a world-class risk management environment within Saudi Arabia, having recently been recognised as the best risk manager at the level of central banks worldwide by the Central Banking Awards Committee. As a full member of the Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog, SAMA is focused on strengthening standards and improving monitoring and oversight at individual banking institution level. SAMA has also introduced regulatory reforms that address the fast-paced changes in business models resulting from technological advancements in the banking sector.
In line with SAMA regulations and guided by a suite of Board approved risk management policies, Al Rajhi Bank has a sound risk management framework (RMF) with necessary oversight of the Board of Directors, for identifying, assessing, measuring, mitigating, monitoring, and reporting risks, enabling such risks to be prudently managed.
Objectives of risk management
The primary objectives of the risk management function of the Bank are to:
- Operationalise the Bank’s risk management policies by establishing the required systems, processes, and procedures
- Assist in decisions relating to accepting, transferring, mitigating and minimising risks and recommending ways of doing so
- Evaluate the risk profile against the approved risk appetite on an ongoing basis
- Estimate potential losses that could arise from risk exposures assumed
- Periodically conduct stress testing in accordance with regulatory requirements
- Ensure that the Bank holds sufficient buffers of capital and liquidity to meet unexpected losses and honour contractual obligations
- Integrate the Bank’s risk management practice with strategy development and execution
- Institutionalise a strong risk culture within the Bank including conduct risk enforcement
Types of risk
Conventionally the Bank is exposed to a number of risks, which it manages through its robust risk management framework. While various external and internal factors affect the Bank's risk profile on an ongoing basis it has identified certain potentially disruptive emerging risks and uncertainties. These risks increase the unpredictability of the operating environment for financial services institutions and result in making some of the long-standing norms about markets, competition, and even business fundamentals less valid today. As a result, there is strong impetus for the Bank to better understand our customers with the adoption of a customer centric approach and deliver on their expectations. By acting on such an impetus, the Bank is able to better differentiate its value proposition for future growth, while dealing with these developments through the appropriate strategic responses.
Financial loss due to a counterparty failing to meet the terms of an obligation to a transaction remains the largest and most common risk for the Bank and the Group. Some of the key sources of credit risk are credit facilities provided to customers, cash and deposits held with other banks, and some off-balance sheet financial instruments such as guarantees relating to purchase and sale of foreign currencies or letters of credit. The Bank systematically evaluates its customers’ creditworthiness using quantitative and qualitative criteria, in ensuring that it maintains a robust loan and investment portfolio. By conducting periodic loan reviews that are geared to detect any weaknesses in the quality of the portfolio, the Bank is also able to take appropriate remedial measures.
Liquidity risk is defined as the Bank’s inability to meet its financial liabilities when they fall due or replace withdrawn funds without incurring unacceptable losses. This type of risk would invariably or potentially have a major impact on the Bank’s reputation and its ability to do business going forward. The Bank’s ability to accurately forecast cash flows and cash equivalents is crucial to its ability to manage liquidity risk. For this reason, their implementation is based on practice and limits set by the Group and historical deposit movement.
As market disruptions and rating downgrades may negatively impact its liquidity, the Bank managed its assets judiciously. Besides faithfully maintaining comfortably above the regulator specified levels of liquidity at all times in terms of liquidity coverage and net stable funding, the Group is guided in its liquidity management efforts by behavioural analysis of historical movements in funding sources. Maturity mismatches in assets and liabilities are being monitored on an ongoing basis. The Bank is also constantly focussing on diversifying its sources of funding to further mitigate this risk. To address any future liquidity risk that may arise, the Bank proactively conducts its Internal Liquidity Adequacy Assessment Plan (ILAAP) exercise to estimate the available funding under stress situation and on forecasted basis.
Risks related to profit rate, exchange rate, equity prices, and commodity prices are classed as market risk. They occur when the fair value or present value of future cash flows of a financial instrument fluctuate due to changes in market prices. With profit rate products, foreign currency, and mutual fund products, all exposed to general and specific market movements, changes in the level of volatility of market rates or prices can impact the performance of the Bank.
For a Sharia-compliant Bank such as Al Rajhi Bank, risks resulting from speculative operations such as hedging, options, forward contracts, and derivatives are mitigated. The Group is not immune to market risks.
Generally attributed to inadequate or failed internal systems and processes, human actions and/or external events.
The Bank’s operational risk is effectively overseen through an enterprise operational risk policy encompassing the implementation of operational risk tools designed to reduce or mitigate the failure of people, process and system level failures and associated operational incidents and losses.
The aggregated results of such stresses indicated manageable levels of risk, during the year under review, demonstrating the Bank’s overall resilience and the success of its integrated approach to the identification, measurement, and monitoring of operational risk.
As the Bank’s area of business is not limited to one location or its customers to a single type, its diversity in these areas provides a buffer against a number of shocks to its operating environment. As a result, the Bank’s geographical diversity and the loyal patronage of its varied customer base – which spans industries, countries, and wallet-size – mitigates concentration risk by providing greater stability in the face of external impacts.
Risk management practices
The Board Risk Management Committee (BRMC) supports the Board of Directors in their role of overseeing the Bank’s performance in line with its risk appetite. The Bank’s risk management function operates within the regulatory framework set out by the Saudi Central Bank (SAMA).
The Bank’s risk management framework is covered by the Bank’s Internal Capital Adequacy Assessment Process (ICAAP) and details the Bank’s risk appetite, risk management approach, and primary risk controls. The ICAAP is submitted to SAMA on an annual basis following its review by the BRMC and approval by the Board. The BRMC then reviews and provides recommendations to the Board on the Internal Liquidity Adequacy Assessment Plan (ILAAP), which is also submitted to SAMA on an annual basis.
To remain profitable, the Bank must manage risks with prudence and pragmatism by accurately identifying potential risks and the impact of such risks on the Bank’s value creation process. Such a process involves establishing risk thresholds, which are derived from the Bank’s risk appetite. The Bank has set up policies and procedures that help it to identify and analyse relevant risks, manage its capital effectively, and provide shareholders with sustainable returns.
The role of the Credit and Risk Group headed by the Chief Risk Officer is crucial to the Bank’s management of risk across its operations. This team works within the risk frameworks and policies approved by the Board of Directors and its remit encompasses credit risk management, operational risk management and enterprise risk management. The Group’s reports to the Board of Directors and related committees span credit risks and portfolio asset quality, operational risks, liquidity risks, market risks, reputational risks, and technology and cybersecurity risks among others.
The Credit and Provisioning Policy, Operational Risk Policies, Risk Appetite Statements, Market and Liquidity Risk Policies and Information Security Policy of the Bank are reviewed by the BRMC, whose recommendations are submitted for the Board’s approval.
The Asset and Liability Committee (ALCO) monitors the Bank’s liquidity risk. Their remit includes day-to-day management of funds to ensure that funds are available when necessary to meet commitments, monitoring liquidity ratios against benchmarks, and managing the concentration and profile of debt maturities.
The Credit and Risk Group regularly monitors market risks, submitting monthly reports to ALCO for assessment. ALCO ensures that risks taken are appropriate but initiates mitigating action if they are not within the Bank’s risk appetite.
The Bank’s diverse customer base fortifies the Bank against a number of risks. With its keen understanding of different customer requirements, the Bank segments this stakeholder group into three primary divisions:
- Retail Banking
- Micro, Small and Medium Enterprises (MSME)
- Corporate Banking
By grouping customers in this way, the Bank is able to align its value proposition in terms of products, services, and delivery channels to better cater to their needs. The Bank’s retail customer-oriented business model provides a diverse risk profile that is supplemented by its robust corporate banking customer base. The extensive branch network endears the Bank to its loyal customer base, generating a high level of stable sticky demand deposits, which in turn have a positive impact on the Bank’s liquidity.
The Bank’s risk management practices support its long-term value creation plans by regulating the entire customer journey from onboarding to issuing finances and providing reliable and relevant products and services.
Receiving positive credit ratings from international rating agencies over consecutive years has been favourable for the Bank’s reputation. The year under review presents no change in the ratings despite the challenging economic and geopolitical environment.
The unprecedented operating environment brought about by the COVID-19 pandemic and the impact of the accompanying socio-economic challenges to the banking sector is likely to continue well into 2021 and beyond. Besides these macroeconomic shocks, banks will experience widening and deepening banking regulations and pervasive technological advances. The Bank is cognisant of the added importance of the risk management function and possible need to recalibrate its underlying policies, frameworks and tools in its efforts to manage shareholder expectations and customer experience. In the circumstances, the Bank will continue to fine-tune its risk strategies to maintain a strong capital base, sound funding and liquidity position and further enhancing the cyber resilience and controls.
In line with the BOTF strategy, the Bank will strengthen the risk management framework further through the necessary changes to the mandate, structure, resourcing, competencies, technologies, MIS, and data analytics etc., further aligning business strategies with sound risk management practices and making the risk management function more forward looking and proactive. Expanding its core customer segments of retail, corporate, and SME in line with world-class risk management practices, regulatory standards, and international best practices too will continue to be a core focus for the Bank.