KBZ Bank considers robust risk management as vital to its success and takes a holistic and integrated approach to it, where management systematically identifies, monitors and manages all material risks that the Bank is exposed to.
This ensures that any risks are continuously managed and mitigated in line with the Bank’s strategies and risk appetite. A wide variety of risks are considered in our approach, including credit, market, operational, liquidity, business, and reputational risks; environmental and social shifts; and other risks that could impact our business.
Holistic Approach to Risk Management
There are three main components to our Risk Governance Framework: our Board of Directors, our Three Lines of Defence, and a comprehensive governance process.
Our Board of Directors ensure that best practices in risk management are integrated into all management initiatives and business activities, and that they are constantly updated to keep up with Myanmar’s fast-evolving business and regulatory environments. The Board works with, and reviews the work of, two Board Committees – the Board Credit Committee and the Board Audit and Risk Committee (BARC) – to achieve these goals.
The BARC is the Board Committee primarily responsible for providing oversight on risk management activities, and ensuring that the necessary material controls and processes are in place and functional. The BARC’s risk control functions actively monitor the Bank’s operations for compliance, and manage incidences of non-compliance, thereby ensuring that the Bank remains within predetermined risk parameters at all times. These functions form part of our second and third lines of defense, and include:
- Risk and credit management
- Internal Audit
The first two functions provide oversight, as well as governance and support to business and functional units on risk and compliance matters. The Internal Audit function, meanwhile, provides independent assurance to the Board and the BARC that risk and compliance management is functioning effectively.
All risk control functions provide regular updates and reports to the BARC.
However, the Board remains ultimately responsible for ensuring that the Bank’s operations comply with Board approved policies, as well as applicable laws and regulations, and are consistent with sound and prudent practices.
Senior managers support the Board by promptly reporting any significant developments that may change the types or levels of risk.
In the second half of 2021, we kick-started the Risk Control Self Assessment (RCSA) project for key business and product lines and completed the RCSA process for risk identification covering these areas in May’2022.
A triple line of defence forms the core of our risk governance framework
- 1. Our business and support units serve as the first line of defence, systematically identifying, assessing, controlling, mitigating, and reporting the risk exposures of their business and operational activities.
- 2. Dedicated Risk Management units, such as the Credit, Market, IRRBB, Liquidity and Operational Risk management departments, and the Legal and Compliance and Financial Crime Compliance units, form a second line of defence. They continually conduct independent reviews, assessments, monitoring, and reporting of their respective risk areas.
- 3. Internal Audit is the third line of defence. It independently tests and verifies the efficacy and robustness of the processes of the business and support units, and ensures they comply with the relevant laws and regulations, as well as various risk management and control policies and procedures.
Credit Risk Management
Credit risk is the risk of loss arising from customers’ or counterparties’ failure to fulfil their financial and contractual obligations in accordance with the agreed terms. It stems primarily from the Bank’s lending including trade finance, investment, hedging and trading activities from both on-and-off-balance sheet transactions.
Credit Risk Management Approach
The Bank has established credit policies and processes to manage credit risk in the following key areas:
- Credit Approval Process
- Credit origination and approval function are clearly segregated – individual corporate credit is subject to independent assessment by a team of experienced credit analysts in Credit Function and approved by the Management Credit Committee (MCC) or Board Credit Committee (BCC). SME and Consumer credit applications are underwritten by local credit analysts and guided by a product program approved by the MCC.
- The Credit function is responsible to ensure the internal processes and credit underwriting criteria are adhered to before credit proposals are approved. All credit proposals are firstly assessed for its credit worthiness by the Relationship Manager in business units before being evaluated by an independent credit analyst in Credit Function and decided upon by the delegated lending authority/relevant committees.
- Post Approval Review – Internal Audit conducts independent post-approval reviews on a sampling basis to ensure that the quality of credit appraisals and approval standards is in accordance with the underwriting standards and credit policies.
- Credit Principle and Underwriting Standards
- All credit facilities are granted based on the credit standing of the borrower/customer, source of repayment and debt/financing servicing ability through cash-flow generation.
- Collateral is taken whenever possible to mitigate the credit risk assumed, subject to the Bank’s policies that govern the eligibility of collateral used for credit risk mitigation.
- The risk-return relationship as well as the overall profitability of the account relationship will be assessed wherever possible for all lending, especially in cases where there are deviations from the established policies.
- Extension of credit facility is subject to the underwriting standards as per the Bank’s credit policy, among others are the business units’ target segment, suitability of facilities according to customer’s needs, maximum tenor and minimum security coverage.
- The Bank has prescribed a list of types of financing and business sectors/ customer types which are deemed as higher risk under discourage lending and business sectors to be avoided. Any exception should be adequately justified and/or sanctioned by the Management Credit Committee.
- All Credit Policy Exceptions must be documented and approved by the relevant approving authority.
- Responsible Financing
- Credit will only be extended to businesses within the Bank’s target markets and business sectors, but never where there is any doubt as to their ethical standards or record.
- The Bank extends appropriate credit products according to the business needs of our customers to minimize the risk of the customer failing to repay the Bank. All credit products are subject to a Product Development Document (PDD) approval internally.
- We have an exclusion list that prohibits financing of operations that negatively impact socio-economy and environmental, among others are customers suspected to be involved AML/CFT, involved in activities which contrive the laws, casino, trading in endangered species etc.
- Concentration Risk
- The Bank manages the diversification of its portfolio to avoid undue credit concentration risk. Credit concentration risk exists in financing to single borrower/customer groups or borrowers/customers in similar business/ industry sectors.
- To manage this concentration risk, exposure limits are established for single borrowing/financing groups and industry segments.
- Analysis of any single large exposure and group of exposures is regularly conducted and the risk function in collaboration with lending units undertake regular account updates, monitoring and management of these exposures.
- Credit Monitoring and Remedial Management
- At account level, all credits granted are subject to an annual review or more frequently under appropriate circumstances.
- At portfolio level, regular risk reporting is made to the senior management, respective committees and Board. These reports include various credit risk aspects such as portfolio quality and concentration risk exposures by business portfolio. Such reporting allows senior management to identify adverse credit trends, take prompt corrective actions, and ensure appropriate decision making.
- The Relationship Manager in the business unit should closely monitor accounts under their portfolio to flag-out problematic loans which may be exhibiting early distress patterns or in the early stages of delinquency but not yet in default.
- For these accounts, business units should work closely with the credit analysts in Corporate Credit function to implement strategies to address lending/business relationships which may result in rescheduling, restructuring or “exit” strategies to be applied.
- For accounts which cannot be remedied or has turned non-performing, it will be transferred to Collections and Recovery function in Risk for recovery and litigation proceedings.
- Classification and Impairment
- The Bank shall adopt the Asset Classification and Provisioning Regulations issued by the Central Bank of Myanmar.
- Asset classification are categorized based on days past due, i.e. “Standard”, “Watch” and “Substandard” for Performing Loans and “Doubtful” or “Loss” for Non-performing loans in accordance with the Bank’s Policy.
Market Risk Management
Market risk is the risk of losses arising from adverse movements in market indicators, such as interest rates, currency exchange rates, equity prices and commodity prices. Under this definition, market risk will constitute: the interest rate and equity risks pertaining to financial instruments in the trading book; and foreign exchange risk and commodities risk in the trading and banking books.
Market Risk Management Approach
The Market Risk Management team is formed to assist the Bank’s senior management in exercising risk oversight on the market risk exposures and ensure that the market risk is independently managed. Its main responsibilities includes as follows:
- Develop Market Risk framework, guidelines and processes and measurement methodologies and review them on a regular basis to ensure that they remain relevant and adequate.
- Participate in new product programs to ensure that market risk is adequately addressed before new product is implemented.
- Highlight forward-looking emerging risks and significant market or regulatory developments to the senior management and where necessary, analyse the impact and make appropriate recommendations.
The ALCO performs a critical role in the management of market risk and supports the board committees in the overall market risk management. The committee meets regularly and is the forum where strategic and tactical decisions are made for the management of market risk.
Market Risk Measurement and Control
Market risk is primarily monitored and controlled via position limit (NOP Limit), Sensitivity Limit (PVO1 Limit), Risk control limits (product/ security type and single transaction limit.
Market Risk Monitoring and Reporting
For effective control of market risk, defined management action triggers and risk limits are established and actively monitored. Market risk reports submitted to the BARC and the ALCO are exercised with the risk oversight responsibility. Significant events, such as breaches and market developments, are appropriately highlighted and promptly reported.
Liquidity risk is the risk of the Bank being unable to maintain sufficient liquidity to meet its financial commitments and obligations when they fall due and transact at a reasonable cost. Liquidity risk also arises from the inability to manage unplanned decreases or changes in funding sources.
Liquidity Risk Management Approach
The ALCO supports the board committees by performing the critical role in the management of liquidity risk, and is responsible for establishing strategies that assist in controlling and reducing any potential exposure to liquidity risk. The ALCO meets regularly and is the forum where strategic and tactical decisions are made for the management of liquidity risk and the Bank’s balance sheet profile.
Liquidity Risk Measurement and Control
The liquidity management process involves establishing liquidity management policies and limits, regular monitoring against liquidity risk limits, and establishing contingency funding plans. These processes are subject to regular reviews to ensure that they remain relevant in the context of prevailing market conditions. Some of the key liquidity risk management tools are top depositors’ mixture, funding source mixture, maturity profile of funding sources, and contingency funding lines.
Liquidity Risk Monitoring and Reporting
ALCO is supported by the Finance/ Market Risk team/ Treasury at the working level who monitors liquidity risk limits and reports to the ALCO the liquidity risk profile on a regular basis.
The risk of loss resulting from inadequate or failed internal processes, people, systems and/or external events, which also includes IT, legal and non-compliance risk, and reputational risk. Operational risk is inherent in our operations and can never be eliminated entirely. The impact can be in the form of actual financial loss or nonfinancial loss such as loss of reputation, non-compliance and unsatisfactory customer service level.
Operational Risk Management Approach
Our strategy for managing operational risk is based on the three lines of defence concept, with the First Line of Defence being business units, departments and branches who own and manage risk as part of their day-to-day activity, Second Line of Defence being independent risk functions and Compliance functions, and the Third Line of Defence being Internal External Audits, which provide independent assurance.
Operational risk frameworks such as NPP, BCM, outsourcing, insurance, etc. are put in-place to maintain a sound operating environment.
The BARC supports the board by performing the critical role in the management of operational risk, and is responsible for establishing strategies that assist in controlling and reducing any potential exposure to operational risk. The BARC meets regularly and is the forum where strategic and tactical decisions are made for the management of operational risk. The BARC is supported by the Operation Risk team at the working level who monitors operational risk and reports to the BARC the operational risk profile on a regular basis.
The Risk Appetite & Statement (RAS) guides our business and supports units on risk-taking, monitoring and control measures. It articulates the level and the nature of the risks that the Bank is willing to take or avoid on behalf of its shareholders, while maintaining its commitments to all other stakeholders. Specifically, it articulates the strategies in place to mitigate returns, volatility, solvency, liquidity, as well as operational and other risks in the short-, medium- and long-terms.
Environmental, social, and governance (ESG) factors are also important considerations for every organisation, given increasing expectations from local and global. Businesses are required to shift their focus from short-term gains to long term value creation.
A Responsible Financing Framework is being put in place as part of our commitment to Sustainability Risk Management. As part of that Framework, we consider the secondary impact of our business activities. In lending, for instance, we assess sustainability risks alongside financial performance, and ensure borrowers are socially responsible and compliant with Myanmar’s social development and environmental protection goals.
The bank has developed an exclusion list for sustainability financing included in the Credit Policy, and sustainability risk assessments have been integrated into the credit evaluation process in the 3rd quarter of 2020. At economic activity level, we would carefully assess the sustainability risk where the lending is associated with the following types of business:
We would also perform screening of sustainability risk associated with customers/ transactions and engage customers on specific sustainability risks identified. These includes assessment on four main areas to ensure they are aligned with the Bank’s practices:
- Environmental risk : The potential negative consequences to a business that result from its impacts (or perceived impacts) on the natural environment (i.e. air, water, soil). At KBZ Bank, we adopted environmental best practices within our business in orders to reduce our environmental impact and carbon footprint, from waste reduction and recycling to supporting programmes that drive these efforts. Details of our environmental initiatives: Managing Our Environmental Footprint
- Social risk: Social risk comes from activities that affect the employees around the business. Aspects such as labor issues, human rights issues, employee health issues, diversity and inclusion qualify as social risk at the workplace.
At KBZ Bank, our purpose is to improve the quality of life in Myanmar and our mission is to achieve 100% Financial Inclusion in Myanmar and to achieve Service Leadership in ASEAN by 2024. We have demonstrated our commitment in many landscape.
- Governance Risk: Promote a fair and transparent way of doing business, ensure good governance practices at the company and ensure adequate internal checks for managing risks. At KBZ Bank, our commitment is to operate with accountability and responsibility for our actions in mind, while minimising negative and creating net positive impact. We conduct our business according to our corporate values (Metta, Thet Ti, and Virya), and do not tolerate corruption and bribery in all forms, be it in our business or our partners. We have highlighted below some of the key governance policies, procedures and guidelines of the Bank. Code of Conduct, Anti-Bribery and Corruption Policy and Whistleblowing Policy have been put in place to cover all stakeholders, including but not limited to employees, members of the Board of Directors and all vendors and contractors. Gift Policy has also been issued to employees to restrict and govern the receipt of any gift for their services at the Bank.
- Track records of the client free in particular on material legal claims or actions (e.g. fines, penalties, lawsuits, etc.) in relation to ESG.
For activities with main environmental impacts associated with its business activities, we would request the clients to furnish the Bank with the Environmental Impact Assessment (“EIA”) report, Environment monitoring report, Approval letter from relevant government bodies for carrying out the business activity, particularly in Mining, Quarrying, Energy, Dam Construction for Power Generation, Logging and wood-based manufacturing.
In addition, the Bank also has a Reputation Risk Appetite Statement, which articulates its zero appetite for legal, regulatory, and industry risks, and states that business units must comply with all laws and regulations and industry standards. The Bank also has no appetite for data security risks and will not tolerate the loss or unauthorised or accidental disclosure of customer or other sensitive information.
The COVID-19 pandemic and current political landscape has challenged almost all businesses, large and small in the country. The bank has proven to be resilient in these challenging times, not only adopting and adapting to new ways of work and engagement, but also going the extra mile to serve our customers.
The bank has led the banking sector efforts to support essential services and maintain the functioning of the economy for the benefit of all people in Myanmar. These include:
Through our network of 500 branches and 1355 ATMs serving 5.2 million customers nationwide, we have supported the economy with its balance sheet, lending more to clients as a percent of deposits than any other major private bank in the country. We also provide various solutions to both individual and corporate customers to meet their need for access to cash.
We have provided a digital payment lifeline for millions of people. The number of KBZPay customers increased from 7 million in 2020 to 10 million as of 2 Aug 2022.
We have actively promoted acceptance of digital payments at wet markets and with key goods and services distributors.
We’re providing payroll services for businesses and factories increasing the digital usage for payroll and mandate digital acceptance by consumer service companies.
We arranged cash withdrawal at designated branches and KBZPay Centres for senior citizen and essential cash support for urgent requests, e.g. healthcare bills, accidents etc. Regrettably, COVID-19 has led to a large number of the customer base falling ill, and in some cases passing away. KBZ has fast-tracked the processing of deceased claims and banking support to surviving family members.
KBZ has already implemented multiple actions to mitigate the decline in deposits. Some of these include:
KBZ Bank was the first bank in Myanmar to launch “Cash Accounts” across all major product categories – call, current, savings and fixed deposits, and continues to innovate with value added services.
The Board of Directors is responsible for approving our risk management positions and any amendments made to keep them current and relevant. The Board also ensures procedures are in place to implement these positions and to effectively monitor and report on all key risk indicators.