Board Integrated Risk Management Committee Report

The Committee continued to actively monitor the risk landscape in the midst of local and global uncertainty. Its focus during the year was to ensure that the Bank's risks were effectively managed while pursuing new opportunities to reach its short and long term objectives.

Aroshi Nanayakkara

Chairperson

Management Representatives:
  • Mr Kasun Ratnayake - Chief Risk Officer (CRO)
  • Mr Sudharshana Jayasekera - Chief Compliance Officer (CCO)

Regular attendees to the Committee meetings by invitation:

  • Chief Information Security Officer (CISO)
  • Management Representatives in charge of Credit, Market, Liquidity, Operational and Strategic Risks

The Company Secretary functioned as the Secretary to the Committee and in his absence, a nominee appointed by the Company Secretary functioned as the Secretary to the Committee during the year under review.

REGULATIONS/RULES RELEVANT TO THE FUNCTIONS OF THE COMMITTEE

The role, functions and the composition of the Board Integrated Risk Management Committee (BIRMC) are defined by the provisions of the:

  • Banking Act Direction No. 11 of 2007 on Corporate Governance for Licensed Commercial Banks issued by the Central Bank of Sri Lanka (Direction 2007);
  • Banking Act Direction No. 05 of 2024 on Corporate Governance for Licensed Banks issued by the Central Bank of Sri Lanka (Direction 2024);
  • Code of Best Practice on Corporate Governance 2023 issued by the Institute of Chartered Accountants of Sri Lanka (Code 2023).
COMMITTEE MEMBERSHIP DURING THE YEAR 2024

| Board Member | Directorship Status | Membership Status | Attendance (Attended/Eligible to Attend) |
|---|---|---|---|
| Ms Aroshi Nanayakkara | Independent/Non-Executive | Chairperson (w.e.f 1st June 2024) | 9/9 |
| Mr Hiran Cabraal | Independent/Non-Executive | Member (Chairman until 31st May 2024) | 9/9 |
| Mr Rushanka Silva (w.e.f 1st June 2024) | Non-Independent/Non-Executive | Member | 5/6 |
| Mr Keith Modder (w.e.f 1st June 2024) | Independent/Non-Executive | Member | 6/6 |
| Mrs Ayodhya Iddawela Perera (Until 31st December 2024) | Executive | Member | 9/9 |
| Mr Dilip de S Wijeyeratne (Until 31st May 2024) | Independent/Non-Executive | Member | 3/3 |

w.e.f - with effect from

Refer pages 186 to 189 for the profiles of the committee members.

KEY ACTIVITIES IN 2024
  • The Committee received regular reports on the Bank's performance against established Risk Appetite Limits and Key Risk Indicators (KRIs) from the Risk Management and Compliance Departments. All necessary risk mitigation measures have been initiated to maintain the Bank's exposures at prudent levels while ensuring compliance with regulatory requirements.
  • At Board meetings, the Board of Directors reviewed the key risks as well as the movement in these risks. The Bank's Credit, Operational and Market Risk Appetite limits were reviewed and recommended for approval to the Board and the Bank's KRIs were reviewed and enhanced where necessary.
  • The Bank's overall risk management framework was validated by an independent audit carried out by the external auditor as per regulatory requirements.
  • All the risk related policies were reviewed in line with the industry best practices and regulatory requirements and recommended for Board approval.
  • New procedures were introduced where deemed necessary and existing procedures/manuals were reviewed and updated to ensure that they remain accurate, effective and compliant with evolving requirements and regulations.
  • Internal Tolerance Limits i.e. VaR, Stress Testing and other loss limits were reviewed to ensure appropriateness and effectiveness in managing risk at prudent levels and new US Treasury loss limits were introduced.
  • Process documentation and process maps under "Internal Control Over Financial Reporting" were significantly improved.
  • Group level risk assessment was strengthened and capital provisioning sections were reviewed to enhance the Internal Capital Adequacy Assessment Process (ICAAP) mechanism.
  • Recovery Plan (RCP) was reviewed by strengthening the recovery options available to the Bank in a stressed situation.
  • The Risk Matrix was enhanced to provide a holistic view of the risk profile of the Bank highlighting the high and emerging risk factors.
  • The Bank's risk culture was further strengthened through the risk magazine and risk related knowledge-sharing sessions on Credit, Market and Operational Risks.
  • The Bank's impairment process was strengthened by automating the impairment stages of restructured and rescheduled facilities as well as the compulsory watch-listing of restructured and rescheduled facilities.
  • The Committee reviewed the liquidity contingency funding plan incorporating the stressed liquidity coverage ratio along with reciprocal contingency liquidity and funding agreement.
  • The counterparty selection and limit-setting process was strengthened based on the external rating, financial evaluations and consolidation of country limits under Treasury and Export Bills to arrive at a holistic view.
  • The Business Continuity Plans (BCP) were reviewed and approved while conducting timely BCP drills to ensure robust business continuity.
  • The Risk and Control Self-Assessment (RCSA) process was reviewed and further expanded to third party vendors.
  • A Technology Risk Framework was developed using IT KRIs, Technology Risk Appetite and Tolerance Limits.
  • The Committee ensured full compliance with the requirements of the Banking Act Direction No. 16 of 2021 on Technology risk management and resilience.
  • Actions were taken to mitigate the enhanced Cyber Security Risks emanating from the increased adoption of Digital Channels. Measures taken included regular review of objectives and implementation plans of the numerous projects which were launched.
  • Sampath Bank has obtained PCI DSS V3.2.1 certification and ISO 27001:2013 re-certification.
  • The Bank established an Environmental and Social Risk Management System and a policy to effectively manage sustainability risks related to its lending activities including the issuance of ESG risk opinions for facilities over Rs 100 Mn under the ESMS framework.
  • The Committee reviewed the ESG assessments of the existing portfolio based on analysis conducted, excluding consumption loans and schematised facilities.
  • The new “goAML” reporting system phase I was successfully completed and implementation of phase II is in progress.
KEY RESPONSIBILITIES OF THE COMMITTEE
  • Assessing on a monthly basis, all risks faced by the Bank including Credit, Market, Liquidity, Operational and Strategic Risks as per established risk indicators including the updated Business Continuity Plans. In case of subsidiary companies, risks were managed on a bank basis and group basis.
  • Setting up risk appetite/tolerance limits of the Bank at enterprise and strategic business unit levels.
  • Reviewing the adequacy and effectiveness of all Management level committees such as the Credit Policy, Risk and Portfolio Review Committee, Asset and Liability Management Committee (ALCO) and the Risk and Compliance Committee, to ensure specific risks are managed within quantitative and qualitative risk limits as specified by the Committee.
  • Maintaining continued awareness of any changes in the Bank's risk profile.
  • Ensuring that prompt corrective action is taken to mitigate the effects of specific risks which may move beyond the prudent levels approved by the Committee.
  • Ensuring that the Bank's Disciplinary Committee is functioning effectively to take corrective action with regard to those who fail in managing risks.
  • Establishing a compliance function and appointing a dedicated Compliance Officer selected from Key Management Personnel who periodically assesses and reports on the Bank's compliance with laws, regulations, regulatory guidelines, internal controls and approved policies.
  • Ensuring the existence of clear and independent reporting lines and responsibilities, adequate tools, systems and resources for the successful management of risk and regulatory compliance.
  • Approving and recommending the annual budgets for Risk Management and Compliance Departments to ensure a highly effective Risk and Compliance function.
  • Monitoring controls relating to "Information Security" and reviewing the progress of the "Information Security Committee" (ISC) on a quarterly basis. Ensuring that a pro-active risk management culture is established within the Bank.
  • Submitting a report on priority areas and concerns to the Main Board within a week of each BIRMC meeting.
  • Performing any other activity within the scope of risk related functions that is deemed required by the Committee which will serve to enhance its or the risk function's effectiveness and efficiency.
  • Reviewing the Terms of Reference of the Committee periodically to ensure that it reflects industry best practices at all times.
REPORTING TO THE BOARD

The minutes of the Committee meetings were tabled at Board meetings, thereby providing the Board members with access to the deliberations of the Committee. The risk assessments were submitted to the Board within the required timelines from each Board Integrated Risk Management Committee meeting.

PERFORMANCE EVALUATION OF THE COMMITTEE

The annual self-evaluation of the Committee was conducted at the year-end by the members of the Committee. The results were discussed at the Committee with plans made for improvement where necessary. These were communicated to the Board.

On behalf of the Board Integrated Risk Management Committee,

AROSHI NANAYAKKARA

Chairperson - Board Integrated Risk Management Committee

17th February 2025

Colombo, Sri Lanka
