stewardship

Risk Management

Introduction

Risk management is a discipline at the core of every financial institution and encompasses all the activities that affect its risk profile. It involves identification, measurement, monitoring and controlling risks to ensure that:

The individuals who take or manage risks clearly understand it.
The organisation’s risk exposure is within the limits established by Board of Directors (BOD).
Risk taking decisions are in line with the business strategy, risk appetite and objectives set by BOD.
The expected payoffs compensate for the risks taken.
Risk taking decisions are explicit and clear.
Sufficient capital as a buffer is available to take risk.

CDB recognises that effective risk management is integral to its business success as it strongly supports Company’s shareholder enrichment by offering superior shareholder value. Thus having a Company-wide risk management framework to safeguard the long-term sustainability of the Company and to identify the trade-off between the risk and the return is vital.

Therefore, as the first step of creating an effective risk management system, CDB understands the qualitative distinctions among the types of risks that the organisation faces. Accordingly, Company categorised risks falling into two categories, viz. preventable risks and non-preventable risk events from any of these categories mentioned can be fatal to a company strategy and even threaten its survival.

Business Continuity Planning (BCP)

BCP is a culture to be developed at all levels of staff and the required process needs to be well-aligned with the day-to-day operations. The Board and the Senior Management of each Financial Institution (FI) should adopt a risk-based framework in BCP. Establishing a widespread BCP with least cost without compromising risk management is a difficult task. It would seem rational for all Financial Institutions (FIs) to have BCPs on the assumption that they may have to face and manage an event of an extensive and prolonged disruption with the complete destruction of buildings and infrastructure, loss of key staff, complete inaccessibility of the primary site, forcing the FIs to use back-up facilities for an extended period of time etc.

CDB’s management has identified the importance of a BCP and focused on implementing it during the financial year under review. This will enable the Company to institute appropriate controls to minimise risks and initiate action plans. Most importantly BCP will cover each and every part of the business and if implemented effectively, would surely benefit the risk management function as a whole.

Board and Senior Management Oversight

To be effective, the concern and tone for risk management must start at the top. While the overall responsibility of risk management rests with the BOD, it is the duty of Senior Management to translate strategic direction set by the Board in the shape of policies and procedures and to institute an effective hierarchy to execute and implement those policies. To ensure that the policies are consistent with the risk tolerances of shareholders the same should be approved by the Board.

Principal Risks and Uncertainties Facing the Business

Area	Risk Indicators	CDB’s Response
Maintaining Sales Volumes and Profit Margins Registered Finance Institutes Industry comprises of 47 companies and a severe competition prevails in this industry. Companies are providing homogeneous products and differentiation is considered as a survival mechanism in the market. As a result the Company is under pressure to come up with new and varied products in order to achieve increased sales volumes and thereby obtain greater profit margins.	Weighted Average Lending rate Weighted Average Borrowing Rate Net Interest Margin	During the financial year under review, 15 outlets were opened to increase the market share and to enhance sales and profit margins.
Maintaining required Capital Adequacy and Liquidity Capital adequacy ratio determines the capacity to meet time liabilities and other risks such as credit risk, operational risk, etc. Liquidity is the ability of a company to meet the short-term obligations.	Liquidity Ratio Tier I Ratio Tier I & II Ratio Capital Funds to Deposit Liability Ratio Renewal Ratio	Capital adequacy ratio and liquidity ratio are closely monitored by the Compliance Committee and Asset Liability Committee (ALCO) meetings. Company is operating well above the required level of capital adequacy and liquidity ratios.
Maintaining High Service Quality As mentioned previously, the registered financial institutions industry has severe competition. To ensure longevity, companies have to offer diverse products or should differentiate them by providing quality services. In this sector, service is the main criterion to retain customers. Thus the companies should focus on providing value added services continuously, and exceed customer expectations.	No. of customer complaints No. of inquiries	Continuous training for marketing staff by leading professionals in the industry to serve customers efficiently and effectively. Also, a call centre is in operation to deal with customer complaints and to handle those in a systematic way.
Maintaining a Healthy Non-Performing Ratio (NPL) NPLs are loans that no longer produce income for a finance company that owns them. Loans become non-performing when borrowers stop making payments and the loans enter default. Lending institutions often report their ratio of non-performing loans to total loans as a measure of the quality of their outstanding loans. A smaller NPL ratio indicates smaller losses for the Company, while a larger (or increasing) NPL ratio can mean larger losses for the company as it writes-off bad loans. A healthy non-performing ratio indicates a financial company’s asset quality.	NPL Ratio Collection Ratio	Company has adopted stringent monitoring and recovery procedures while closely monitoring NPL ratio and collection ratio.
Retaining Best Employees In order to provide quality customer service and to provide it efficiently, It is necessary to have a good capable team. Employees should be provided with sufficient training and failing to do so will result in company loosing capable employees.	Employee Turnover Ratio	Conducting Employee Satisfaction Audits. Conducting Annual Awards Ceremony to recognise the best performing employees. Engagement with staff through Employee Suggestion Scheme.
Maintaining Required Level of Compliance to Regulatory Authorities Registered finance companies are under the supervision of Central Bank and are listed in the Colombo Stock Exchange (CSE), which is governed by CSE and Securities & Exchange Commission (SEC). Thus, it is vital to conform to regulations imposed by these authorities and to ensure good corporate governance.	Intervention and Enforcement Actions by Authorities Penalty Exposure	Our Compliance Division continuously reviews business matters and ensures that the company is always adhering to rules and regulations. Compliance meetings are held monthly to discuss the matters pertaining to compliance and communicate the new developments to the relevant parties.
Meeting the Severe Competition The Registered Finance Companies Sector comprises 47 companies and the industry is very competitive as companies provide similar products: leasing, hire purchase, deposits etc. The companies need to offer these products, while focusing on diversification in order to gain a larger market share.	No. of new products and process improvements	CDB has focused on providing total financial solutions by introducing CDB debit card, initiating SLIP transfers, implementing Core Bank solution etc. Continuously carrying out competitor analysis and capitalised on opportunities whenever they arise. Providing exceptional service with the aid of new Core Banking solution.
Acquiring New Technological Proficiency Technology plays a pivotal role in business activities. It contributes to a significant savings of time and money, more importantly; it provides an advantageous boost over rivals.	1st Level System failures 2nd Level System failures 3rd Level System failures	The Core Banking system is in place. All branches are online connected. Decentralisation of business activities to branch level to provide more efficient service to customers.

Area

Risk Indicators

CDB’s Response

Maintaining Sales Volumes and Profit Margins
Registered Finance Institutes Industry comprises of 47 companies and a severe competition prevails in this industry. Companies are providing homogeneous products and differentiation is considered as a survival mechanism in the market. As a result the Company is under pressure to come up with new and varied products in order to achieve increased sales volumes and thereby obtain greater profit margins.

Weighted Average Lending rate

Weighted Average Borrowing Rate

Net Interest Margin

During the financial year under review, 15 outlets were opened to increase the market share and to enhance sales and profit margins.

Maintaining required Capital Adequacy and Liquidity
Capital adequacy ratio determines the capacity to meet time liabilities and other risks such as credit risk, operational risk, etc. Liquidity is the ability of a company to meet the short-term obligations.

Liquidity Ratio

Tier I Ratio

Tier I & II Ratio

Capital Funds to
Deposit Liability Ratio

Renewal Ratio

Capital adequacy ratio and liquidity ratio are closely monitored by the Compliance Committee and Asset Liability Committee (ALCO) meetings. Company is operating well above the required level of capital adequacy and liquidity ratios.

Maintaining High Service Quality
As mentioned previously, the registered financial institutions industry has severe competition. To ensure longevity, companies have to offer diverse products or should differentiate them by providing quality services. In this sector, service is the main criterion to retain customers. Thus the companies should focus on providing value added services continuously, and exceed customer expectations.

No. of customer complaints

No. of inquiries

Continuous training for marketing staff by leading professionals in the industry to serve customers efficiently and effectively. Also, a call centre is in operation to deal with customer complaints and to handle those in a systematic way.

Maintaining a Healthy Non-Performing Ratio (NPL)
NPLs are loans that no longer produce income for a finance company that owns them. Loans become non-performing when borrowers stop making payments and the loans enter default. Lending institutions often report their ratio of non-performing loans to total loans as a measure of the quality of their outstanding loans. A smaller NPL ratio indicates smaller losses for the Company, while a larger (or increasing) NPL ratio can mean larger losses for the company as it writes-off bad loans. A healthy non-performing ratio indicates a financial company’s asset quality.

NPL Ratio

Collection Ratio

Company has adopted stringent monitoring and recovery procedures while closely monitoring NPL ratio and collection ratio.

Retaining Best Employees
In order to provide quality customer service and to provide it efficiently, It is necessary to have a good capable team. Employees should be provided with sufficient training and failing to do so will result in company loosing capable employees.

Employee Turnover Ratio

Conducting Employee Satisfaction Audits.

Conducting Annual Awards Ceremony to recognise the best performing employees.

Engagement with staff through Employee Suggestion Scheme.

Maintaining Required Level of Compliance to Regulatory Authorities
Registered finance companies are under the supervision of Central Bank and are listed in the Colombo Stock Exchange (CSE), which is governed by CSE and Securities & Exchange Commission (SEC). Thus, it is vital to conform to regulations imposed by these authorities and to ensure good corporate governance.

Intervention and Enforcement Actions by Authorities

Penalty Exposure

Our Compliance Division continuously reviews business matters and ensures that the company is always adhering to rules and regulations.

Compliance meetings are held monthly to discuss the matters pertaining to compliance and communicate the new developments to the relevant parties.

Meeting the Severe Competition
The Registered Finance Companies Sector comprises 47 companies and the industry is very competitive as companies provide similar products: leasing, hire purchase, deposits etc. The companies need to offer these products, while focusing on diversification in order to gain a larger market share.

No. of new products and process improvements

CDB has focused on providing total financial solutions by introducing CDB debit card, initiating SLIP transfers, implementing Core Bank solution etc.

Continuously carrying out competitor analysis and capitalised on opportunities whenever they arise.

Providing exceptional service with the aid of new Core Banking solution.

Acquiring New Technological Proficiency
Technology plays a pivotal role in business activities. It contributes to a significant savings of time and money, more importantly; it provides an advantageous boost over rivals.

1st Level System failures

2nd Level System failures

3rd Level System failures

The Core Banking system is in place.

All branches are online connected.

Decentralisation of business activities to branch level to provide more efficient service to customers.

Risk Management Framework

A risk management framework encompasses the scope of risks to be managed, the process/systems and procedures to manage risk and the roles and responsibilities of individuals involved in risk management. The framework should be comprehensive enough to capture all risks a financial institution is exposed to and have flexibility to accommodate any change in business activities.

Hence, the risk management underpins the importance of establishing a proactive and effective risk management framework. This would enable the Company to identify, assess, treat and monitor Company-wide risks and ultimately to reduce or avoid the magnitude of risks that could affect the business.

Risk Management Approach

Company believes that a rules-based risk management system may work well to align values and control employee behaviour, but it is unsuitable for managing risks inherent in a Company’s strategic choices or the risks posted by major disruptions or changes in the external environment. Those types of risk require systems aimed at generating discussion and debate. Thus, the risks that Company faces have been categorised into three categories, each of which require a different risk management approach.

Category 1 - Preventable Risks

These are internal risks, arising from within the Company that are controllable and ought to be eliminated or avoided. The risk of employees or managers’ inappropriate actions and risks from breakdowns of routine operational processes are a few examples of such risks. It has a zone of tolerance for defects or errors that would not cause severe damage to the performance of the Company and achieving complete avoidance would be too costly. But in general Company seeks to eliminate these risks since no strategic benefits from taking them on. These risks include: credit risk, liquidity risk, strategic risk, information communication technology risk, compliance risk, reputation risk, operational risk.

Category 2 - Non-Preventable Risks

These are the risks that arise from events outside the Company and beyond its influence or control. Natural disasters and political developments, major macroeconomic shifts are a few examples of such risks. Non-preventable risks require yet another approach in managing because the Company cannot prevent such risk events from occurring and management is focused on identification and mitigation of their impact. These risks include: commodity price risk, equity price risk, interest rate risk.

Company Approach to Two Categories of Risks:

Category	Risk Mitigation Objective	Control Model	Role of Risk Management Staff Functions	Relationship of the Risk Management Function to Business Units
Preventable Risks Risks arising within the Company that generate no strategic benefits	Avoid or eliminate occurrence cost effectively	Integrated Culture and Compliance Model Mission Statement Value and Belief Systems Rules and Boundaries System Standard Operating Procedures Internal Controls and Internal Audit	Co-ordinates, oversees and revises specific risk controls with internal audit function	Acts as independent overseers.
Non-Preventable Risks External Uncontrollable Risks	Mitigating the occurring risk events cost effectively	Envisioning risks through: Tail-risk Assessments and Stress Testing Scenario Planning War-gaming	Runs stress testing, scenario planning and war gaming exercises with management team	Complements strategy team and act as independent facilitators of envisioning exercises.

Key Risk Exposures of the Company

Company has figured out core risks that the Company is exposed to based on the Risk Mapping approach and designated a person to manage the risk under each risks category where they perform as risk owner of that particular risk area. Company prioritises each risk element based on its severity and frequency periodically by assigning trigger points and reviewing it monthly.

Risk Map

1.	Credit Risk	- A
2.	Liquidity Risk	- B
3.	Strategic Risk	- C
4.	ICT Risk	- D
5.	Compliance Risk	- E
6.	Reputation Risk	- F
7.	Operational Risk	- G
8.	Commodity Price Risk	- H
9.	Equity Price Risk	- I
10.	Interest Rate Risk	- J

Credit Risk

Credit risk arises from the potential that an obligor is either unwilling to perform on an obligation or its ability to perform such obligation is impaired resulting in economic loss to the financial institution. The goal of credit risk management is to ensure that credit-related activities are pursued within the boundaries accepted by the Board level.

Taking into consideration the Company’s risk mapping process, Company has devoted high focus towards managing the credit risk. For the purpose, Company has adopted several quantitative measures such as credit risk stress testing, credit scoring models and qualitative measures such as adhering to credit policies, processes, defined approval hierarchies and nurturing credit risk culture within the Company.

Credit policy of the Company is reviewed regularly by Senior Officials and the Board of Directors based on market developments. There are several trigger points in the trigger point dash board relating to the credit risk which are reviewed at the Integrated Risk Management Committee (IRMC) meeting.

Credit Risk Management Approach Adopted by CDB

Credit Risk Console

Risk Category

Risk Evaluation

Risk Controlling and Mitigation

Default Risk
Obligor is either unwilling to perform on an obligation or its ability to perform such obligation is impaired resulting in economic loss to the financial institution.

Gross and Net Non-Performing Advances
Gross and Net Performing Advances are monitored in order to evaluate the effectiveness of the Company credit policies, asset quality and recovery mechanism. Credit facilities with or over six instalments/rentals in arrears are categorised as non-performing advances.

The decrease in gold prices during the financial year under review was the main contributor in rising NPLs. NPL ratio deteriorated to 5.19% compared to last year’s 2.32%.

However, Company was able to maintain the NPL under industry NPL ratio which stood around 6.7% for the year.

Company predicted the possible environmental changes through its scenario planning, stress testing etc. and strengthened the credit policies during the financial year.
Through ALCO meeting, market developments and economic conditions were monitored on a monthly basis and made amendments to credit policies as and when needed.
Collection ratios were monitored on daily basis to identify any variances.
Centralised credit administration was in place to improve the quality of loans disbursed.
Provision management team closely evaluate and monitor non-performing advances.

Concentration Risk
Probability of loss arising from heavily lopsided exposure to a particular product group or counterparties

This will indicate how Company is exposed to its lending products.

No major changes are observed in the product portfolio and automobile financing has been the main product in the Company’s lending portfolio.

Company has regularly monitored market developments and revised the maximum exposure limits.
Regular monitoring and evaluation of asset portfolio.

Following charts indicate the extent to which the Company is exposed to its largest lending customers:

Following charts indicate the extent to which the Company is exposed to its largest deposit customers.

Growth in loans can be seen in Northern, North Central, Central and Sabaragamuwa Provinces and Western Province continues to have the highest geographical concentration due to high credit demand in the region and 50% of the Company outlets being located within the Western Province.

Risks arising from external developments and affecting borrowers’ repayments

Stress Testing
Credit risk stress testing is used to forecast potential shock that can affect organisation’s future performance due to inability of borrowers to meet their obligations.

Impact on Company Capital Adequacy Ratio (CAR) from the Changes in NPA’s (Non-Performing Advances)

	Scenario 1	Scenario 2	Scenario 3
Magnitude of Shock	5%	10%	15%
Total NPAs	1,349,493	1,349,493	1,349,493
Increase in NPA	67,475	134,949	202,424
Revised Capital	3,509,439	3,441,965	3,374,490
RWA	26,606,739	26,606,739	26,606,739
Revised CAR %	13.19%	12.94%	12.68%

Impact on Company NPL from the Changes of NPAs

	Scenario 1	Scenario 2	Scenario 3
Magnitude of Shock	5%	10%	15%
Total NPAs	1,349,493	1,349,493	1,349,493
Increase in NPAs	67,475	134,949	202,424
Revised NPAs	1,416,968	1,484,442	1,551,917
Total Loan Assets	26,021,036	26,021,036	26,021,036
Revised NPL %	5.44%	5.70%	5.96%

Base Case

Capital Adequacy Ratio (CAR %)	12.61
Capital Base	3,576,914
Total Risk Weighted Assets	26,606,739
NPL Ratio (%)	5.19
Total Non-Performing Assets	1,349,493
Total Performing Assets	24,671,542
Total Loan Assets	26,021,036

In order to assess the impact on capital adequacy, CDB carries stress testing by taking various levels of NPAs in to consideration.

Liquidity Risk

Liquidity risk is the potential for loss to an institution arising from either its inability to meet its obligations or to fund increases in assets as they fall due without incurring unacceptable cost or losses. As a financial institution, managing the liquidity risk is utmost important to CDB since issues relating to liquidity requirements will expose the Company to other risks such as reputation and compliance. Hence, breach of liquidity requirements will directly affect on Company’s going concern and credibility among stakeholders.

CDB’s main sources of funding are retail and institutional deposits (fixed deposits and savings accounts), capital inflows and corporate borrowings. Out of the funding options, Company highly relies on retail and institutional deposits. It is very critical for a Company like CDB to maintain adequate liquidity levels throughout the business cycles in order to meet its day-to-day obligations.
The liquidity ratio is calculated daily and circulated among Key Management Personnel. The capital adequacy ratio is calculated monthly and also taken as a trigger point in the dash board to monitor compliance risk.

Liquidity Risk Console

Risk Category

Risk Evaluation

Risk Controlling and Mitigation

Liquidity Position

Potential for loss to an institution arising from either its inability to meet its obligations or to fund increases in assets as they fall due without incurring unacceptable cost or losses

Maintaining Internal and Regulatory Liquidity Ratios

Direction

As at
31.03.2014

As at
31.03.2013

Maintain minimum holding of liquid assets based on the outstanding value of the time deposits mobilised by the Company.

18.60%

14.49%

Maintaining assets in the form of Government Treasury Bills, Government Securities and CBSL Securities based on average month end total deposit liabilities of the twelve months of the proceeding financial year.

Rs. 1,184 Mn

Rs. 717 Mn

Company maintains healthy liquidity position as per the CBSL regulatory requirements.

Liquidity Stress Testing

Base Case

Liquid Assets Ratio (%)	18.60
Liquid Assets (Rs. ’000)	5,231,418
Deposit Liabilities (Rs. ’000)	24,518,193

Impact on Liquidity Ratio due to Fall in Liquid Liabilities

Direction	Statutory Requirement	As at 31.03.2014	As at 31.03.2013
	Rs. ’000	Rs. ’000	Rs. ’000
Magnitude of Shock	4%	8%	12%
Liquid Assets	5,231,418	5,231,418	5,231,418
Liabilities	24,518,193	24,518,193	24,518,193
Fall in Liabilities	980,728	1,961,455	2,942,183
Revised Liabilities	23,537,465	22,556,738	21,576,010
Revised Liquid Assets	4,250,690	3,269,963	2,289,235
Ratio After Shock	18.06%	14.50%	10.61%

Complying with internal and regulatory liquidity ratios.
The liquidity report is prepared daily and sent to Key Management Personnel and also reported to Board level on a regular basis for decision - making purpose.
Planning for funding is done at the beginning of each financial year capturing contingency funding plan for an urgent situations.
Conducting liquidity stress testing analysis at the ALCO meeting to foresee future funding requirements.

Maturity Mismatch

Maturity gap is being reviewed on a monthly basis at the ALCO meeting.
To have a proper balance in assets and liability maturities via strong diversification of investment portfolio.

Market Risk

When it comes to CDB, managing market risk too is crucial since Company’s business strategies are related heavily to market conditions and that the Company is operating in an emerging economy where market conditions are volatile. Apart from that, Company has no control over market risks compaired to other risk components that the Company is exposed to.

Interest Rate Risk

In the case of CDB, the influence of interest rate risk is high because over 80% of Company’s turnover comprises of interest income while over 50% of Company’s total expenses comprises of interest expenses. Hence, managing interest rate risk is extremely important to CDB since Company’s profits are highly vulnerable to interest rate fluctuations.

ALCO is responsible to monitor the developments in the market in relation to interest rates and make projections based on Company’s targets for the financial year. In order to mitigate the risk, ALCO conducts regular interest rate stress testing under different scenarios to identify the impact for the Company and thereby devise timely strategies to minimise any adverse effects and also to maintain proper balance between assets and liabilities.

Equity Price Risk

Equity price risk arises due to adverse stock market conditions in the country. Since the Company has invested in equity shares there is a risk that the fair value of equities decreases as a result of changes in the levels of equity indices and the value of individual stocks.

Commodity Price Risk

Finance companies are likely to counter the risk of falling gold prices by topping its margins against the collateral whilst a continuous decline in gold prices has reduced the financial system’s dependency on pawning as a method of increasing asset yield in the short to medium term. CDB is also exposed to commodity price risk mainly due to pawning business. Pawning portfolio accounted for nearly 3% out of the total loans and CDB took appropriate measures to minimise the negative impact caused as a result of reducing gold prices.

Risk Category	Risk Evaluation	Risk Controlling and Mitigation
Interest Rate Risk Risk arises due to varying levels of interest rates in the market	Monitoring and Analysing Interest Rate Trends in the Country The continued easing of monetary policy through 2013 amidst low and stable inflation has brought about the desired macroeconomic outcomes. Available indicators show that real GDP growth is set to record around 7.8% growth for 2014. As a result of such measures, growth of credit extended to the private sector has begun to accelerate.	CDB maintains an Investment and Credit dashboard which provides information pertaining to (Weighted Average Borrowing Rate and Weighted Average Lending Rate) on a daily basis which facilitate immensely on decision-making. ALCO meetings are held monthly and interest rate movements are monitored and analysed. Asset re-pricing will be done based on the analysis carried out at the ALCO meetings. Interest rate stress testing will also be conducted and presented at the ALCO meetings.
Equity Price Risk Equity price risk arises due to adverse stock market conditions	The equity market remained passive throughout 2013 and an increase witnessed in early 2014 mainly due to foreign net inflow.	Close monitoring of returns/value of equity portfolios where Company has invested. Monitoring and analysing stock market indices. Equity price stress testing.
Gold Price Risk Risk emerges due to the falling gold prices, pawning fraudulent articles and depreciation of Sri Lankan Rupee	Gold prices falling by 23% in the second quarter of 2013 (although rising 4% during July 1, 2013 to July 15, 2013), there have been growing concerns related to the deteriorating collateral (gold) value against pawning disbursements, as it tends to increase the average Loan To Value (LTV) of a financial institution’s pawning book.	Pawning advances are adjusted based on market gold prices. Monitoring gold price movement on a regular basis. Setting maximum exposure limit for individuals. Random branch visits by pawning consultant to check the quality of the gold articles.

Operational Risk

It is the risk of losses stemming from inadequate or failed internal processes, people and systems or from external events. Absence of operational risks act as a bottleneck for many companies, due to inadequate awareness, on companies no operational risk indicators or insufficient internal controls. Managing operational risk is prime responsibility of all CDB employees and Company has executed a well-defined operational risk policy framework. Internal controls and strict system audit functions are kept in order to enhance the operational risk mitigating process.

Risk Category	Risk Evaluation	Risk Controlling and Mitigation
People Risk Risk of losing the skilled long served employees	HR Department closely monitors the employee turnover ratio monthly and presents data to the management. The details of employee resignations, the reasons for leaving gathered through exit interviews etc. are taken into further discussion. Staff meetings are carried out at department level and there is an employee suggestion scheme available which will facilitate raising employee voice.	Leadership development through mechanisms like speech craft Training and development Employee succession planning. Performance based reward scheme. Company HR policies.
Operational and Technological Manipulation Risk arises mainly due to inappropriate operational and system controls & procedures	Operational Losses Lack of controls and procedures will lead to various manipulations and will act as a bottleneck within the business premises, which may further lead to fraudulent activities. Company has categorised employee related malpractices into five sub-categories and during the year 150 incidents were reported.	Random branch visits by Internal Audit Division. Random branch visits by the Management. Random client visits. Stringent HR policies and internal controls.

Risk Category

Risk Evaluation

Risk Controlling and Mitigation

People Risk

Risk of losing the skilled long served employees

HR Department closely monitors the employee turnover ratio monthly and presents data to the management. The details of employee resignations, the reasons for leaving gathered through exit interviews etc. are taken into further discussion.

Staff meetings are carried out at department level and there is an employee suggestion scheme available which will facilitate raising employee voice.

Leadership development through mechanisms like speech craft
Training and development
Employee succession planning.
Performance based reward scheme.
Company HR policies.

Operational and Technological Manipulation

Risk arises mainly due to inappropriate operational and system controls & procedures

Operational Losses

Lack of controls and procedures will lead to various manipulations and will act as a bottleneck within the business premises, which may further lead to fraudulent activities.

Company has categorised employee related malpractices into five sub-categories and during the year 150 incidents were reported.

Random branch visits by Internal Audit Division.
Random branch visits by the Management.
Random client visits.
Stringent HR policies and internal controls.

Information and Communication Technology Risk

In modern era ICT has been identified as a key business supporting tool and this provides value addition to Company’s core business functions. Hence, it is imperative that CDB has a proper ICT risk management system in place as its key operations are being done via IT systems. CDB has segregated system failures into three main categories as first, second and third level IT failures and has kept three separate sub-units to rectify such failures. Apart from that, Company consists of a comprehensive IT policy and disaster recovery plan, internal controls and carried out regular system audits to mitigate such risks.

Risk Category

Risk Evaluation

Risk Controlling and Mitigation

Business Continuity Risk due to inappropriate ICT
Business continuity risk emerges when Company is not in a situation to maintain its core functions as a result of inadequate ICT

Category	Description
First level system failures	System disruptions due to internal factors.
Second level system failures	System disruptions due to external factors.
Third level system failures	System disruptions due to major system breakdowns.

CDB focused on implementing a Business Continuity Plan (BCP) during the financial year under review as it facilitates to identify the impact of potential risks and losses caused by a disruption or a disaster; formulating and implementing viable recovery strategies; and planning to ensure continuity of an institution’s services particularly in the area of core financial operations/critical businesses, payment, clearing and securities settlement; and administering of comprehensive testing and maintenance.
This would immensely facilitate the Company in minimising and taking appropriate controls and action plans to better prepare and face risk with regard to its IT infrastructure in place.

Maintaining IT policies and internal control mechanisms to better adhere to rules and practices set.
Disaster recovery plan.
System audits will be carried out on a routine basis.
Segregation of responsibilities based on type of the system disruption.

Reputation Risk

Reputational risk is the current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion. Maintaining reputation is an imperative for a public deposit taking institution, since any adverse perception regarding the Company will lead to distress within a short period of time even for a successful company. Therefore maintaining stakeholder confidence is vital for CDB since level of confidence will directly impact on Company performance and business continuity while it indirectly influences the financial services industry where the Company is operating.

The Company’s approach towards managing reputation risk is mainly strategic alignment, cultural alignment, quality commitment and operational focus.

Risk Category	Risk Evaluation	Risk Controlling and Mitigation
Company Specific Activities Current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion	Customer Complaint Review/Customer Surveys Internal faults/errors can prompt reputation risk via customer dissatisfaction. Customer complaints are handled systematically to ensure that each is addressed with equal importance and weightage. Once a complaint is received, it is dealt with systematically and a detailed response is given to the customer within five working days. Inquiries can be made through the telephones placed at each branch where the Head Office Call Centre can be contacted, toll free or via our website; and the records have shown that a majority of these inquiries are made regarding insurance, credit and rental.	Effective communication and image/brand building processes. Strong corporate values supported by appropriate performance incentives. Effective customer response and grievance handling process. Regular customer surveys and customer visits. Training and development of staff. Quality public reporting.
Compliance Risk Company not adhering to rules and regulations imposed by the relevant regulators	Inability to comply with rules and regulations imposed by the industry specific regulator may lead to losses, penalties or even negative public perception of the Company.	Promoting a positive culture regarding compliance with laws and regulations. Strictly adhering to industry specific rules and regulations. Monthly assessment of compliance documents at the compliance committee meeting and at Board meetings through submitting a board paper.
Inadequate Level of Contributions to the Society Inadequate public relations or lack of contributions to the society may lead to negative public perception on Company	It is very much important for a company like CDB to have proper public relations in order to enhance the reputation of the Company. It has focused heavily on development of standard of living of the society. Especially focusing on being a net lender to rural economy and by carrying out several strategic level CSR initiatives to help schoolchildren in their education and enhancing computer literacy thus being a responsible corporate citizen.	Company has categorised four types of CDB Corporate Social Responsibility projects namely; Towards Community Sisudiri Scholarship programme CDB Nena Piyasa CDB Hithawathkam Towards Environment Mihikathata Adaren Corroborating on a Wetland Project Waste Management initiatives.

Strategic Risk

Strategic risk arises due to the current and prospective impact on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes.

Strategic planning, budget meeting sessions, quarterly/bi annual performance reviews are the mechanisms in place to minimise strategic risk at CDB. There are many forums within the Company which will be functioning so as to review daily and monthly performance. These forums form an avenue to make sure the Company is moving according to the predetermined criterion and the decisions put in to place are effective and efficient.

Risk Category	Risk Evaluation	Risk Controlling and Mitigation
Strategic Risk Inability of a company to achieve set of objectives, ineffective strategic directions and planning and inability to adapt to changes in the environment	Internal Business Trends Internal business trends are being evaluated on an ongoing basis to identify whether the Company is going in line with predetermined goals and objectives.	Daily business (internal) information is provided via credit and investment dashboard. Weekly progress reviews. Detailed analysis will be carried out at forums like Finance Committee meeting, ALCO meeting, Treasury meeting etc. and key decisions are taken to meet the current business trends while comparing with last month/year figures.
	Spreads and Margins	Daily information is provided on weighted average lending and mobilising rates. Weekly evaluations. Managing Asset-Liability mismatch and re-pricing decisions are taken by the ALCO.
	Portfolio Health	Stringent credit policies. Centralised credit administration. Analysis of Company collection ratio and NPL on routine basis. Identifying early signals of problem facilities.