Risk Management
Risk Appetite
ADCB’s strong risk governance reflects the importance placed by the Board and the BRCC on shaping the Bank’s risk strategy and managing risks effectively. The Bank’s risk strategy is governed by a clear policy framework of risk ownership; a risk appetite process through which the types and levels of risk that we are prepared to accept in executing our strategy are articulated and monitored; performance scorecards that align business and risk objectives; and the accountability of all staff for identifying, assessing and managing risks within the scope of their assigned responsibilities. This personal accountability, reinforced by the governance structure, experience and mandatory learning, helps to foster a disciplined and constructive culture of risk management and control throughout ADCB.
Risk-Appetite Principles and Key Objectives
- To achieve our overarching risk objective, ADCB has the following key risk-appetite principles:
- Limit overall obligor concentrations and manage sector concentrations
- Increase granularity of overall portfolio with healthy risk-adjusted returns
- Fundamentally improve the ‘core engine’ by investing in core business
- Predefined risk-reward hurdle for all new business
- Strong drive to improve credit quality in both existing and new-to-bank portfolios
We have meticulously applied these risk principles in our day-to-day operations to achieve the following results:
| Metrics | 2014 |
|---|---|
| Top 20 obligor concentration | Top 20 largest customer exposure reduced from 41.4% of gross loans in 2013 to 37.04% in 2014. |
| Granular business growth | Significant growth in granular businesses as per risk strategy — Retail, Mid-Corporate and SME. Retail lending grew by 22%, SME loans grew by 40%, and MCD loans grew by 123% year on year. |
| Portfolio rating | Average portfolio rating is 5+ (equivalent to S&P BB+) as at 31 December 2014. This is a one-notch upgrade since year-end 2013 and a two-notch upgrade since 2012. |
Scroll to view full table
Risk Appetite Framework
ADCB‘s risk appetite framework is a key management tool for setting appropriate levels of risk-taking at Bank-wide and business unit levels and therefore is embedded in our business strategy and ambitions.
ADCB’s risk appetite is set in absolute terms as a minimum capital ratio and maximum loss in case of stress events. We define our risk appetite in terms of qualitative guidelines that are backed by quantitative measures. Further, the risk appetite is operationalised by setting business unit–level risk-appetite measures such as portfolio rating, RAROC, non-performing loan (NPL) rates, fee income to total income metric, and portfolio size and mix.
Divisional Risk-Appetite Statement
The Bank’s approach to the risks of different business segments is based on the outlook and returns foreseen for the coming years. Given the current regulatory requirements and macroeconomic situation, the Corporate and Retail segments are expected to grow at par with GDP. Target returns will be maintained through fees and float business for new clients, and sales of investment and insurance products for existing names. For Government relationships, the Bank will selectively underwrite syndicated financing mandates whilst focusing on transaction banking and growing our float business with mid-tier Government clients. More granular Middle Commercial and SME relationships will be built on expanded trade and self-funded transactions, whilst growth of the Private Client portfolio will be limited to business that meets internal RAROC hurdle rates.
Principal Risks Affecting ADCB and Risk Coverage
The principal risks faced by ADCB are presented below, together with a summary of the key areas of focus and how the Bank managed these risks in 2014.
Credit Risk
Definition
Credit risk reflects the risk of losses because one or more counterparties fail to meet all or part of their obligations towards the Bank. Credit risk also includes concentration risk.
Arises from:
- Deteriorating macroeconomic conditions can have an impact on ADCB’s performance and credit risk profile.
- ADCB’s credit portfolio can worsen due to quality of bookings.
Character and impact to ADCB:
Losses can vary materially across portfolios and may include the risk of loss due to the concentration of credit risk related to a specific product, asset class, sector or counterparty. It has the potential to affect adversely ADCB’s financial performance and capital.
How did we fare in 2014?
During 2014, our collective loan-impairment-allowance balance was AED 2.9 bn and 2.14% of credit-risk-weighted assets, in excess of the Central Bank of the UAE directive for banks to increase the level of collective impairment allowance to 1.50% in 2014. Credit quality continued to improve during 2014, as the overall financial condition of businesses and consumers strengthened and the economic sectors affected by the recession improved. Non-performing loan ratio dropped to 3.1% compared with 4.1% a year earlier, and provision coverage improved to 137.1% from 109.7% in 2013. Total impairment charges were 43% lower year on year in 2014.
ADCB’s risk management for this specific type of risk:
- Measurement — Measured as the amount that could be lost if a customer or counterparty fails to make repayments.
- Monitoring — Within limits, approved by individuals within a framework of delegated authorities. These limits represent the peak exposure or loss to which ADCB could be subjected should the customer or counterparty fail to perform its contractual obligations.
- Management — Through a robust risk control framework which outlines clear and consistent policies, principles and guidance for risk managers, ADCB attempts to mitigate this risk by diversifying our portfolio and managing concentrations. In 2014, every member of the Management Executive Committee had concentration management as part of his/her performance objective. ADCB’s risk strategy focuses on growth of granular businesses, and risk parameters are set to encourage granular growth with an improvement in average portfolio quality. ADCB‘s underwriting guidelines and minimum credit acceptance criteria ensure that the new bookings improve portfolio quality. Consequently, disciplined credit process resulted in the portfolio rating improving by one notch in 2014.
Refer to Note 41 of the audited financial statements and Pillar 3 report for further details.
Market Risk
Definition
Market risk is the risk that the Bank’s income and/or valuation of financial instruments will fluctuate because of changes in market risk factors such as interest rates, foreign exchange rates, equity prices, commodities prices and options volatilities.
How did we fare in 2014?
During 2014, average trading value-at-risk (VaR) remained fairly stable from December 2013.
| Metrics | 31/12/2014 (AED) |
|---|---|
| VaR 1d 99% Confidence Level | (4,897,868) |
| SVaR 1d 99% Confidence Level | (23,164,932) |
| Expected Shortfall (1d) | (5,896,621) |
| CVA | (36,666,187) |
ADCB’s risk management for this specific risk:
- Measurement — Our Market Risk function implements valuation and risk policies for all Level 1 and Level 2 financial Instruments in the trading book. The function independently vets and approves all valuation models for mathematical integrity and suitability. The models are used to measure market risk within 99% confidence level through VaR, SVaR, Expected Shortfall, and First Order Greeks (Delta and Vega). Value at risk and stressed value at risk are used to estimate potential valuation losses on risk positions as a result of movements in market rates and prices over a specified time horizon and to a given level of confidence (statistical measure of 99%), augmented with stress/sensitivity testing to evaluate the potential impact on valuations of more extreme, though plausible, events or movements in a set of financial variables (non-statistical measures).
- Monitoring — Using measures including the valuation of interest rate, foreign exchange rate, fixed income and commodity derivatives, the sensitivity of net interest income and the sensitivity of structural foreign exchange are applied to the market risk positions within each risk type.
- Management — Using risk limits approved by the MRCC, all limit breaches are reported according to their materiality to three different levels of authority:
Refer to Note 45 of the audited financial statements for further details.
Liquidity and Funding Risk
Definition
Liquidity risk is the risk that the Bank will be unable to meet its payment obligations of financial liabilities when they fall due and/or to replace funds when they are withdrawn. Funding risk is the risk that the Bank will be unable to achieve its business plans due to its capital position, liquidity position or structural position.
Arises from:
- Liquidity risk arises from mismatches in the timing of cash flows.
- Funding risk arises when the liquidity needed to fund illiquid asset positions cannot be obtained at the expected terms and when required.
Character and impact to ADCB:
Liquidity and funding risk is dependent on company-specific factors such as maturity profile and composition of sources and uses of funding, the quality and size of the liquid asset buffer, and broader market factors, such as wholesale market conditions alongside depositor and investor behaviour. This type of risk has the potential to cause the Bank to fail to meet regulatory liquidity requirements, become unable to support normal banking activity or, at worst, cease to be a going concern.
How did we fare in 2014?
Survival horizon under stressed conditions and further drawdown of liquidity facilities have improved from 11 months at the end of December 2013 to over one year at the end of December 2014.
ADCB’s risk management for this specific risk:
- Measurement — Measured using metrics related to Basel III liquidity ratios and survival horizon under liquidity stress tests and contingency funding plans. Liquidity stress tests are carried out using contractual, behavioural and stressed conditions coupled with contingency funding facilities.
- Monitoring — Against the Bank’s liquidity and funding risk, stress-test management action triggers; overseen by Asset and Liability management and the MRCC.
- Management — Funding is diversified and raised through both retail and wholesale operations. In addition, businesses are required to self-fund all new operations. We also strive to maintain a large portion of our funding as sticky deposits. Our Treasury department ensures access to diverse sources of funding ranging from local customer deposits from both retail and corporate customers to long-term funding, such as debt securities and subordinated liabilities. Further, the Bank also has borrowing facilities from the Central Bank of the UAE to manage liquidity risk during critical times.
Refer to Note 43 of the audited financial statements for further details.
Capital Risk
Definition
Capital risk is the risk that the Bank will have inadequate capital resources: to ensure capital requirements set by the Central Bank of the UAE; to safeguard the Bank’s ability to continue as a going concern and increase the returns for the shareholders; or to maintain a strong capital base to support the development of the business.
Arises from:
Inefficient management of capital resources.
Character and impact to ADCB:
Characterised typically by credit risk losses. Capital risk has the potential to disrupt the business if there is insufficient capital to support business activities. It also has the potential to cause the Bank to fail to meet regulatory requirements. Bank capital and earnings may be affected, impairing the activities of all divisions.
How did we fare in 2014?
Capital adequacy ratio at 21.03%, down 18 bps from December 2013 despite an increase of AED 6.2 bn in RWA. Further Tier 1 ratio at 17.01% improved by 39 bps mainly on account of increase of AED 1.6 bn in retained earnings and AED 0.8 bn in other reserves. However, Tier 2 ratio down 57 bps on account of reduction in subordinated debt of AED 0.5 bn. Thus, quality of capital further improved with an increase in Tier 1 capital and reduction in Tier 2.
ADCB’s risk management for this specific risk:
- Measurement — Measured using capital ratios: core Tier 1 and total capital adequacy ratio using standardised approach (Basel II). Market and operational risk are measured by calculating the capital requirements using the standardised approach (Basel II).
- Monitoring — The Bank operates a capital-planning process aimed at ensuring the capital position is controlled within the agreed parameters. This incorporates regular re-forecasts of the capital positions of the Bank. In the event that the projected position might deteriorate beyond acceptable levels, the Bank would issue further capital and/or revise business plans accordingly.
- Management — Capital adequacy and the use of regulatory capital are managed on a regular basis by management, employing techniques based on the guidelines developed by the Basel Committee and the Central Bank of the UAE. The required information is filed with the regulators on a regular basis as required under Basel II standards. The Bank also prepares an annual comprehensive ICAAP document. This document is a detailed assessment by the Bank of its risk profile, approaches to assessing and measuring various material risks, and capital planning under regular and stress scenarios.
Refer to the Capital Risk Management section in this section, Note 50 of the audited financial statements and Pillar 3 disclosures for further details.
Operational Risk
Definition
Operational risk is the risk of loss arising from system failure, human error, fraud or external events. When controls fail to perform, operational risks can cause damage to reputation, have legal or regulatory implications, or lead to financial losses.
Arises from:
ADCB’s day-to-day operations and is relevant to every aspect of the Bank’s business.
Character and impact to ADCB:
May be financial in nature (characterised by either frequent small losses or infrequent material losses), or may lead to direct customer and/or reputational impact (for example, a major IT systems failure or fraudulent activity). It has the potential to affect the Bank’s profitability and capital requirements directly, as well as stakeholder confidence.
How did we fare in 2014?
There were no material operational losses in 2014.
ADCB’s risk management for this specific risk:
- Measurement — Using both the top risk analysis process and the risk and control assessment (RCA) process, which assess the level of risk and effectiveness of controls.
- Monitoring — Using key indicators and other internal control activities.
- Management — Identifying and assessing risks, implementing controls to manage them and monitoring the effectiveness of these controls using the operational risk management framework. The escalation of issues and events (and, therefore, greater risk transparency across the organisation) is a critical component of ADCB’s operational risk-management process.
Refer to the Pillar 3 disclosures for further details.
Regulatory Risk
Definition
Regulatory risk refers to risk the Bank will be exposed to regulatory sanctions/fines on account of a failure to comply with guidelines issued by the regulators, and non-compliance with laws such as Anti–Money Laundering, Anti–Terrorist Financing, etc.
Arises from:
Regulatory, business or operating environment in which ADCB operates and how we respond to these.
Character and impact to ADCB:
Regulatory defaults of non-compliance can result in adverse impacts on the Bank’s customers, strategy, business, financial condition or reputation, for instance, through the failure to provide appropriate protections to customers, or from regulatory enforcement or other interventions.
How did we fare in 2014?
There were no material operational losses in 2014.
ADCB’s risk management for this specific risk:
We closely watch key regulatory developments in order to anticipate changes and impact on our business. ADCB participates in regulatory consultative meetings to enhance the financial supervisory framework. ADCB is an active member of various forums such as UAE Banks Federation and actively tries to influence regulations. Regulatory compliance is closely monitored by the Risk and Audit areas under the oversight of the Board-level risk committees.
Further, we allocate capital to cover any unforeseen sanctions/regulatory fines due to changes in the Bank’s internal and external regulatory environment. Based on the peer group experience and taking into account our own complexity, the Bank sets aside capital commensurate with regulatory risk as part of its ICAAP process.
Information Security Risk
Definition
Information security risk is the risk of loss of confidential information and disruption of processes due to unavailability of IT systems and the risk that this may cause financial damage.
Arises from:
Information security risk arises from information leakage, loss or theft.
Character and impact to ADCB:
Information security risk gives rise to potential financial loss and reputational damage, which could adversely affect customer and investor confidence. Loss of customer data would also trigger regulatory breaches that could result in fines and penalties being incurred.
How did we fare in 2014?
No material loss of confidential data or disruption of processes due to unavailability of our IT system were reported in 2014.
ADCB’s risk management for this specific risk:
ADCB proactively identifies top organisational information security risks by continuous evaluation of threats and by benchmarking Information security controls against leading industry standards.
An information-risk heat map that maps the Bank’s protection mechanisms against ever-evolving cyberthreats is in place and continually updated. Knowledge from a variety of sources such as published research, security forums and regional events is utilised to keep these mechanisms relevant.
A comprehensive technology-risk-management programme covers classification of assets, identification of vulnerabilities, and assessment of the risks of all internal assets, which enables prioritising and mitigating the internal risks. All internal systems and applications undergo regular security testing, which ensures the effectiveness of security controls.
Reputational Risk
Definition
Reputational risk refers to the potential adverse effects that can arise from the Bank’s reputation being sullied due to factors such as unethical practices, regulatory actions, customer dissatisfaction and complaints, or adverse publicity.
Arises from:
Reputational risk could arise from the failure of the Bank to effectively mitigate the risks in any of our businesses including one or more of credit, liquidity, market, regulatory, legal or other operational risks.
Character and impact to ADCB:
Damage to ADCB’s reputation could cause existing clients to reduce or stop doing business with us and discourage prospective clients from doing business with ADCB. All employees are responsible for day-to-day identification and management of reputational risk.
These responsibilities form part of ADCB’s Code of Conduct and are further embedded through values-based performance assessments.
How did we fare in 2014?
There were no material reported incidents in 2014 that could lead to reputational risk to ADCB.
ADCB’s risk management for this specific risk:
Reputational risk management is aligned with our focus on creating the most valuable bank in the UAE, our strategic objectives, and our risk-appetite goal of maintaining shareholder confidence.
ADCB’s Risk Management function addresses the reputational risk associated with the clients the Bank chooses to do business with. It sets policy and provides guidance to avoid reputational risk relating to business engagements and lending to clients in sensitive industry sectors.
