risk management

In order to enhance the focus and objectivity for credit decision making, the bank segregated the Credit Risk function from the Risk Management, wherein, the Credit Group is now being headed by the Chief Credit Officer, that functions within the Bank’s Credit risk framework and policies approved by the Board of Directors to manage Credit risk across the entirety of the Bank’s operations.

The Group’s reporting scope to the Board and related committees span around credit risks and portfolio asset quality only.

alrajhi bank’s Board Executive Committee (EC) supports the Board of Directors in their role of overseeing the Bank’s performance in line with its Credit risk appetite. The EC Charter is being updated as per the bank’s Corporate Governance Manual to apply best market best practices, applicable for credit risk management.

Operating primarily as a Retail bank providing credit facilities to customers on-balance and off-balance sheets, credit risk remained the largest risk source for alrajhi bank in 2024. However, given the solid nature of its portfolio, which has a bigger concentration of Public Sector customers with salary assignments, the credit risk also remained lowest among its peers during the reporting period.

Due to the potential a retail portfolio comprising a large number of individual customers with small loans has to hurt the bank when in collective default, alrajhi bank continued to conduct regular data integrity and portfolio monitoring in 2024, providing fair evaluation of individual borrowers and their capacity to repay the bank.

A change in the retail portfolio mix initiated in December 2021 and continued throughout 2024 saw a shift toward big-ticket loans such as mortgages, which posed a higher risk concentration per customer. Regular portfolio monitoring was conducted to build feedback loops and aid the Retail business and Risk Group in implementing effective mitigations and controls to minimise impacts.

This also led to a re-evaluation of the bank’s target markets, with the credit Risk Group shifting focus from high-risk segments where defaults and delinquency rates are higher than the bank’s risk appetite to low-risk groups by targeting the higher-income, salary-aligned segment with stable employers.

The business verticals, Credit Risk, and Compliance Groups worked together throughout the reporting period to ensure prompt compliance with all new and altered regulations and governing rules issued during 2024.

Accelerated digital banking posed credit risk from a customer acquisition perspective during the reporting period, which the bank addressed by adopting a phased approach to managing credit risk at the origination level and ensuring compliance with approved risk acceptance criteria. Stakeholders were consulted in the conceptualisation and implementation of the digitisation process.

Different strategies were executed to ensure lower inflows going to late buckets and address issues related to systems and logic to assess genuine defaults and find solutions. The bank also introduced a full ecosystem to manage any potential default in the Retail book, supported by a Task Force to oversee all related legal cases.

alrajhi bank is also accelerating to serve its non-retail businesses and has revamped its Wholesale Credit Policy to serve the growth in non-retail business, aligning its credit risk appetite to expand into preferred and targeted industries under its Corporate business, supporting growth in MSME business and expanding its Private Banking lending.

The bank has developed a vigorous Portfolio Monitoring mechanism by proactively managing its lending portfolio quality by revamping its rating models to automate the evaluation of customer credit worthiness using unique quantitative and qualitative criteria, especially for MSMEs. The bank is also automating its Early Warning System (EWS) model geared to detect any weaknesses in the quality of portfolios to enable the Bank to proactively engage appropriate remedial measures through relationship teams or the Special Assets Management Unit to rectify any credit risk issues.

These actions resulted in non-performing loans (NPL) of the non-retail portfolio being contained at the same level during the reporting period, despite significant year-on-year portfolio growth.

2024 saw a significantly reduced error rate and improved turnaround time through continued automation as well as policy and control function enhancements, across different segments of the bank. With all credit decisions that will be executed via the bank’s different credit decision engine, the error rate is expected to be further reduced towards an ambitious zero error rate once the phased implementation is completed by 2025.

The bank’s geographical diversity and loyal patronage of its varied customer base mitigates concentration risk by providing greater stability in the face of external impacts. In 2024, Corporate Banking enjoyed the advantage of a well-diversified portfolio across different emerging business segments, industries and wallet sizes. The Credit Risk Group continued to monitor the same, against predefined Risk Appetite parameters.

The Retail portfolio, too, remained highly diversified. The bank proactively created an ecosystem to support low-income segments whose disposable income may be affected by higher inflation, providing multiple options especially across its growing mortgage portfolio, which the Credit Risk Group continued to monitor closely.

During the year in review, alrajhi bank continued to strengthen its liquidity risk management framework, ensuring robust controls and monitoring systems are in place. The bank’s proactive liquidity management has maintained a solid liquidity position to pay off its obligations when become due by a diversified funding mix and strong balance sheet. This has been achieved by exploring and introducing new funding solutions such as syndicated Murabaha, senior unsecured sukuk and other funding tools. The bank plans to continue enhancing its liquidity management strategies for balance sheet optimisation and to remain well-positioned to meet future challenges and opportunities.

After the successful implementation of the Fundamental Review of the Trading Book “FRTB” last year, the bank currently ensures maintaining a robust market risk framework complying with Basel regulatory requirements. This included enhancing its systems, policies and procedures periodically to establish clear Governance, Control and Monitoring as well as setting well-defined boundaries between the Trading and Banking books.

alrajhi bank reviews its Operational Risk Management Policy annually, in order to adhere to the new Basel and SAMA requirements to govern all significant aspects of operational risk management in a systematic and consistent manner. To further enhance the performance of its Enterprise Operational Risk Management System, the automation of a number of operational risk tools and activities were carried out during 2024; the automation of Risk Control and Self-Assessment (RCSA), reporting and monitoring of Key Risk Indicators (KRI), incident logging and Root Cause Analysis (RCA), action plans logging and monitoring, new products and services risk assessment, risk register maintenance as well as risk reporting.

The bank is committed to strengthening its control environment and improving its operating platform efficiencies proactively, increasing reliance on the use of technology, and improving the bank’s collective knowledge and awareness of risk controls through various communication channels and training sessions.

To ensure a robust and consistent approach; Operational Risk Coordinators have been assigned from all departments of the bank and are responsible for implementation of the Framework in coordination with the Operational Risk Management department. The Group Operational Risk Management Committee (GORC) monitors and oversees operational risk issues.

The bank’s operational risk profile is regularly shared with senior management and the Board Risk Management Committee, which ensures a robust and consistent approach to operational risk management at all levels of the organization.

Fraud Risk is the likelihood that an individual or organisation will intentionally deceive others for personal or financial gain, potentially causing financial, reputational, or legal harm. Given its continuous compliance with SAMA’s Counter Fraud Framework, alrajhi bank’s Counter Fraud strategic approach is to ensure comprehensive coverage at Group level, enabling the bank to proactively protect its customers and its business operations.

As part of the rapid growth in fraud trends and fraudster techniques, the Counter Fraud Department has dedicated its full efforts and resources to ensure the following:

• Enabling a culture of awareness of counter fraud risks and fraudulent techniques for both our customers and the bank’s business areas;
• Minimise fraud losses by utilising cutting edge technologies, techniques, and conducting deep analysis of transactions to identify unknown or suspected fraud trends and threats;
• Engage counter fraud professionals to ensure a clear baseline is developed and implemented in order to further enable the Kingdom’s 2030 Vision;
• Establish awareness of the international fraud landscape to gain insight on international trends and techniques ahead of time; and
• Further develop alrajhi bank’s counter fraud resources by conducting both technical and non-technical training to allow for enhanced fraud vision internally and externally, and clear view of the international market fraud trends and techniques.

In 2024, the accelerated pace of digital transformation continued to expand the threat landscape, leading to a consequential rise in cybersecurity risks. alrajhi bank employs a comprehensive range of dynamic defences, incorporating preventive, detective, and incident response measures to proactively combat, detect, and address emerging cyber threats.

To strengthen its cybersecurity posture, alrajhi bank implemented advanced measures based on multi-layered cybersecurity principles. The bank adheres to the highest cybersecurity standards issued by the National Cybersecurity Authority (NCA), SAMA, CMA, and other regulatory bodies. This commitment ensures robust governance practices that safeguard the confidentiality, integrity, and privacy of customer information, as well as critical business and technology processes.

The bank also prioritises cultivating a strong cybersecurity culture by implementing targeted training and awareness programs for employees and customers. These initiatives enhance their understanding of the evolving threat landscape and provide guidance on minimising exposure to cyber risks. To maintain the reliability and security of its services, the bank conducts continuous cybersecurity assessments of its systems, applications, and networks.

Additionally, alrajhi bank engages independent internal and external auditors to verify the effectiveness of its cybersecurity controls and ensure compliance with national and international standards, including PCI DSS, SAMA, SWIFT, SARIE, and NCA requirements. The bank’s 24/7 cybersecurity operations centre continuously monitors and responds promptly to cyber threats and attacks. Through these advanced measures, alrajhi bank has demonstrated resilience against cyberattacks, with no cybersecurity-related failures or operational impacts recorded to date.

Trust remains at the core of the bank’s relationships with customers and stakeholders. This trust is founded on robust safeguards to protect sensitive financial data, ensure customer privacy, and uphold the integrity of financial transactions. In 2024, alrajhi bank continued to strengthen its cybersecurity frameworks, conduct regular audits, and adhere to evolving regulatory standards. These measures underscore the bank’s commitment to maintaining a highly secure and trustworthy environment for both customers and employees, ensuring long-term stability and confidence in its operations.

In 2024, the rapidly evolving technological landscape within Saudi and global financial institutions has positioned technology risks as a critical area of focus. As reliance on advanced technologies becomes increasingly pervasive, financial institutions must adopt a comprehensive approach to managing IT risks. With alrajhi bank and its group members advancing and integrating innovative technologies to transform operations, the spectrum of potential risks continues to expand. These risks include sophisticated cyber-attacks, systemic failures, data breaches, and compliance lapses, each carrying significant implications for business continuity, customer trust, and financial stability. Effectively managing these risks demands a balanced approach that prioritizes resilience, trust, agility, and business enablement, allowing the bank to navigate technological challenges while capitalizing on emerging opportunities.

alrajhi bank’s primary goal in managing IT risks is to proactively establish a resilient and trustworthy IT ecosystem. This involves implementing a multifaceted strategy that integrates agility, alignment with regulatory requirements, and support for the bank’s broader business objectives. By treating technology as a strategic asset rather than a mere operational tool, the bank not only enhances efficiency but also drives innovation and competitive advantage. Resilience, as envisioned by the bank, transcends technical robustness. It includes the capacity to anticipate, prepare for, respond to, and adapt to both gradual changes and sudden disruptions in the technological environment. This resilience is reinforced by a culture of continuous improvement, where lessons learned from past incidents shape future risk mitigation efforts.

Apart from the conventional risks inherent in financial intermediation, a number of emerging risks were identified during the reporting period based on internal assessments and external market trends.