The ultimate accountability for oversight of risk management at VCBank resides with the Board of Directors. The Board delegates its responsibility to the Board Risk Committee for oversight of risk management.
To manage the risks to which VCBank is exposed, and to safeguard the funds that have been entrusted to the Bank by investors and shareholders, a risk governance framework has been established and continuously developed. This framework starts with strategic-level risk management tools such as committee terms of reference, risk appetite and policies, which are then used to guide the development of the risk management process at an operational level. The Board Risk Committee evaluates the effectiveness of risk management, using the risk reports that are presented to it. Based on this information, the Committee evaluates the effectiveness of risk management, and identifies any improvements that are required.
The Head of Risk Management reports directly to the Risk Committee of the Board, and administratively to the Chief Executive. The independent Risk Management Department is responsible for providing an enterprise-wide approach to risk management; proactively identifying, monitoring and mitigating all embedded risks; establishing risk management standards; and instilling an organisational culture whereby all employees are individual owners of risks.
Investment risk is the risk of loss due to inappropriate investment decisions or a failure in the investment and portfolio management process.
This risk is mitigated as follows:
- A robust origination and transaction approval process which is designed to assess and challenge the vulnerability of each proposed deal
- Rigorous sensitivity testing of exposure to risk factors
- Concentration risk limits are designed to limit sectoral, geographical and other concentrations, and achieve the benefit of diversification
Operational risk is the potential for loss arising from the failure of people, processes or technology, or the impact of external events.
Operational risk is an intrinsic aspect of VCBank's business model as it has complex business processes in areas such as transaction management, portfolio management, financial reporting and control, maintenance of the internal operating infrastructure, and assessment of risk.
VCBank employs an operational risk management framework. As part of this framework, all functional teams are required to participate in a risk and control self-assessment (RCSA) in which they map business processes and report risks, controls and assessments of risk likelihood and impact, to the Risk Management Department.
Examples of key risk factors:
- Failure in documentation which underpins the Bank's rights in respect of its assets.
- Errors in data or calculation
- Breach of regulatory or legal requirements relating to financial crime, money laundering, conflicts of interest, and the safe keeping and disclosure of information
- Price sensitive information being used for personal gain by employees
- Loss of or damage to physical premises, IT systems and staff
- Failure in the management of existing portfolio assets, such as failing to make or monitor payments
- Conflicts of interest and confidentiality breaches which could harm clients
Liquidity risk is the risk that VCBank does not have sufficient financial resources in the short term to meet its financial obligations as they fall due, or that its strategy is constrained by inadequate or inappropriate funding sources.
Liquidity risk is mitigated as follows:
- Senior executive accountability for forecasting the Bank's cash requirement on the basis of operational and investment payments to be made or received
- Maintaining a sufficient liquidity buffer to meet requirements as they fall due
- Replenishing this buffer as required by means of additional borrowings or funding
Internal Capital Adequacy Assessment Plan (ICAAP)
The internal capital adequacy assessment plan (ICAAP) incorporates a proprietary capital allocation process to ensure that the Bank manages its capital in accordance with international best practices, and meets the standards prescribed by the Central Bank of Bahrain. VCB uses this model to determine if it has sufficient capital to cover the combination of all balance sheet risks; while maintaining sufficient flexibility to facilitate future growth plans, and protect against periods of prolonged and extreme stress in the Bank's operating environment, execution or performance.