Risk Management Protects Your Future
At EastWest, managing risks in everything we do is paramount because it protects our customers and their funds.
Risk management also enables us to seize the growing opportunities that come from operating in a dynamic market while taking prudent measures to ensure reasonable risk-taking.
We identify, measure, manage and control risk when we trade, invest and lend while maintaining and setting aside adequate capital to absorb any unexpected losses from risk events. Provisioning supports our primary goal of maximizing shareholder returns: going after gains while curbing the amount and probability of losses.
Our risk management philosophy emphasizes the integration of effective risk and capital management. This philosophy is embedded across all levels of the organization so that we build a culture where everyone is invested in creating and protecting the value we provide our stakeholders.
This risk management culture hinges on the amount of risk, as determined by the board of directors, that the bank is willing to accept or tolerate in pursuit of its strategic objectives. Business and operating lines act as the first line of defense by managing risks as part of their day-to-day activities.
The business and operating heads, in their capacity as business risk managers (BRMs), serve as the second line of defense. They ensure that risk policies are implemented and performed effectively. The Risk Management Committee (RMC) of the board oversees the overall risk profile of the bank and the Risk Management Division (RMD) reports to it monthly.
As a third line of defense, the Internal Audit Division (IAD) independently evaluates if the bank’s overall risk management is adequate.
All these efforts help realize the organization’s goals of:
With these in mind, our RMD updates outstanding models for identified risks and assesses the bank’s exposures to check for and measure other risks as they become relevant.
The IAD, along with the audit committee, reviews risk management systems, functions, and activities, and checks if these have been generally performed in accordance with the RMD’s defined duties and responsibilities as mandated by the Bangko Sentral ng Pilipinas (BSP). It evaluates the bank’s board and senior management oversight to determine if it is generally adequate, with performance and overall risk profiles discussed regularly and policies, regulatory requirements and capital adequacy tackled during monthly meetings. The IAD also concludes if the essential elements of a sound risk management system are in place, consistent with board-approved risk management charters and manuals.
Credit risk remains the largest source of risk for the bank because the nature of its business focuses on lending. Credit risk is the risk of the loss of principal or financial reward arising from a borrower’s failure to honor contractual obligations with the bank. This arises whenever the bank’s funds are extended, committed, invested or exposed through actual or implied contractual agreements, whether reflected on or off the balance sheet.
Credit Risk Management
Credit risk, which is spread among various business lines in the bank, is identified through a collaborative effort among business units, credit support units, and the RMD. To evaluate counterparties, the bank uses the internal credit risk rating system (ICRRS) for its corporate customers and credit scorecards for each type of consumer product. These tools help us estimate the expected loss that takes into consideration the likelihood of default of a customer, counterparty or issuer (of financial instruments) and the severity of the loss at the time of default. Credit risk models take into consideration changes in borrower profile and behavior to allow the bank to proactively update estimates of default or flow rates. Measuring credit risk exposure takes into account assumptions based on historical data alongside those stipulated by the BSP.
To ensure that credit risk remains within prescribed tolerance levels, a board-approved credit risk management manual that specifies the framework, risk appetite and tolerance for credit risk guides the performance of credit underwriting for corporate customers and credit evaluation for individual consumers. Should unexpected credit loss become unavoidable, the bank relies on the collateral required of the borrower alongside provisions set aside for losses in order to reduce and cover the amount forgone. Credit impairment provisions are guided by both regulatory prescriptions and internal models.
To further strengthen the credit risk management process, the bank regularly monitors key credit risk indicators that provide insight into the quality of credit portfolios, levels and areas of credit concentration, quality and sufficiency of collaterals, levels of non-performing loans and adequacy of coverage.
Aside from business-as-usual monitoring efforts of credit risk, the bank also performs stress tests based on scenarios defined internally and those prescribed by regulators. These stress tests help the bank look into its largest exposures (concentration risk), its ability and capacity to withstand defaults from top credit portfolios and the incremental amount of credit risk that it can still afford.
Market and Interest Rate Risks
The bank’s exposures to market and interest rate risks lie heavily on its trading and investments in fixed-income securities, with some exposure to preferred equity and foreign currency, and recently, derivatives trading.
Market risk is driven by price fluctuations due to market variables such as interest rates, foreign exchange rates, equity prices and implied volatilities. Additionally, changes in interest rates, largely from mismatches in the terms, affect the fair value of future asset and liability cash flows in the bank’s banking book, and affect its earnings.
Market risk for the trading book is monitored by portfolio and for each trader on a daily basis by the treasury group and RMD.
Market and Interest Rate Risk Management
Market risk identification is part of the treasury group’s mandate. This follows procedures guided by a manual approved by the board and co-authored by the RMD. Measurement of risks uses two models: Value-at-Risk (VaR) and Earnings-at-Risk (EaR). VaR is used to assess potential losses in relation to positions taken by the bank in the trading book. EaR considers repricing of assets and liabilities in the banking book, arriving at a gap value, representing the open position of the balance sheet exposed to and subjected to sensitivity (to interest rate movements) measures.
Like credit risk, the act of making sure that market risk is within the bank’s appetite is guided by a manual approved by the board that provides direction for the bank’s intended management and supervision of risk. The manual sets out processes in identifying, measuring, controlling, and monitoring market risk. These include transaction approval processes and operational control mechanisms.
In the management of risk-taking, the bank employs a market risk limit (MRL) for the trading book representing the maximum level of potential loss the bank is willing to take. This is further supported by a loss alert limit (LAL) that serves as early warning to facilitate loss reduction strategies.
For the banking book, EaR limits are set in the form of triggers for reduced (by certain material amount) net interest income and net income in order to control losses and manage the interest rate sensitivity of the bank’s balance sheet.
Breaches of limits are escalated to the treasurer, chief risk officer (CRO) and the president for disposition and appropriation. EaR is monitored and reported to the RMC on a monthly basis. Aside from these, stress tests that simulate interest rate shocks (on both the trading and banking books) and foreign currency movements are regularly performed to assess their effects on the bank’s assets and liabilities. This ensures that gaps and risks are monitored and managed in the event of stress and that capital remains sufficient to cover for the same.
Liquidity risk, while not as significant as credit risk, remains one of the critical risk areas of the bank. The performance of risk management ensures that the bank continues to operate as a going concern, as it is able to service its liabilities with consideration of reasonable funding costs, asset- and liability-maturity matching, and profitability despite regulatory liquidity constraints. Liquidity concerns may lead to the deterioration of investor and public confidence and may cause panic among stakeholders.
Liquidity Risk Management
Liquidity risk identification is the treasury group’s responsibility. A good knowledge of future cash flows is imperative in order to ensure that the optimal level of liquidity is achieved on a day-to-day basis and takes into consideration the bank’s funding requirements. It requires that funds are efficiently sourced and deployed and that these are made available to the bank and are tapped as necessary.
The bank measures liquidity risk with a cash flow analysis using a Maximum Cumulative Outflow (MCO) model. It takes into consideration projected cash flows of the bank under a normal operating environment and includes off-balance sheet commitments. The MCO yields a liquidity gap value in relation to the bank’s maturing liabilities and assets per bucket on a cumulative basis.
A board-approved liquidity risk management manual serves as the guide for liquidity risk management and defines the bank’s appetite. Adherence to regulator- and internally prescribed liquidity risk limits is observed. It includes liquidity reserve requirements, liquidity ratios, and MCO gap levels, among others. As a proactive measure, the bank has set a funding contingency plan that ensures readiness in the event that a liquidity problem arises. The plan is reviewed regularly and updated, as needed, by the treasury group.
The treasury group monitors liquidity risk and is complemented by the RMD oversight. It takes into account funding market conditions and earmarks future significant cash flows and provides a performing balance sheet analysis.
The bank also closely monitors its compliance with BSP regulations. In addition, utilization of credit lines and compliance with internally prescribed MCO limits are also checked regularly. The RMD also simulates stress scenarios that help the bank look into its ability to service its liabilities should these be demanded earlier than expected. The bank’s asset liability management committee maintains oversight over the bank’s liquidity position on a weekly basis and is further complemented by monthly reports to the RMC.
The bank’s operational risk has become more pronounced with its aggressive branch store expansion. Operational risk is defined as potential losses anchored on lapses and failures associated with the delivery and performance of the bank’s functions and operations. This may be in any of the processes, people, systems, or even in the occurrence of external events. As it takes on more businesses or transactions, the magnitude of operational risk is expected to increase. This comes at a cost and sufficient attention must be given to manage and possibly reduce these potential losses.
Operational Risk Management
Operational risk, which is inherent in the bank’s functions and transactions, is identified through the help of everyone in the bank. Cooperation from various units of the bank is necessary when gathering data on the sources, likelihood and severity of operational risk events to accurately gauge its operational risk exposure. The data is inputted in a matrix that will generate the likelihood of the occurrence of risks and the business impact for each risk category. Simulations are then performed to estimate the operational risk loss for each event, which may further be aggregated to measure the bank’s overall operational risk exposure.
A board-approved operational risk management manual defines the bank’s framework, risk appetite and tolerance for operational risk. It guides everyone in the bank on the operational risk management process and provides a structured approach to identifying, measuring, controlling and monitoring risk, and consequently, in ensuring that it remains within tolerable levels. The manual guides the RMD in its review and clearance of the various operational policies and procedures of the bank.
Risk and Control Self-Assessment (RCSA) is executed by the different units of the bank to assess its overall operational risk profile. Key risk indicators are regularly monitored to manage risk on an ongoing basis. These procedures also serve to identify areas where there are operational inefficiencies and where performance is inadequate so that these can be improved.
To address threats related to business disruption, the bank also employs a business continuity and disaster recovery plan that is reviewed and updated at least once a year. To curb operational losses, the bank purchases insurance coverage for its employees’ health and safety, and for potential loss or damage to its physical assets.
Operational risk monitoring requires a bank-wide effort, with each business and operating unit contributing to the activity. The RMD is responsible for gathering and analyzing the data from the different units and generating operational risk management reports that contain information about actual and potential operational loss levels, results of self-assessment activities and the progress in the implementation of corrective action.
Key operational risk indicators alongside negative news on the bank stemming from operational concerns and occupational safety and health issues are utilized to give insight into financial losses, business disruptions, compliance fines and penalties arising from operational lapses. These reports are delivered to the RMC on a monthly basis.
Non-Quantified and Non-Material Risks
Aside from these risks, the bank also measures compliance risk — a risk that is perceived to be non-material. Compliance risk refers to the risk to earnings or capital arising from violations of or non-conformance with laws, rules, regulations, prescribed practices, internal policies and procedures or ethical standards.
Zero tolerance, in general, is being maintained for risks of this nature. Compliance risk monitoring has been institutionalized by the compliance division by maintaining an effective compliance risk management framework that determines a proactive approach to the adherence of current and emerging regulatory and compliance developments. Compliance champions for each functional area of the bank help implement this framework through regular collaborations. Currently, historical figures for penalties and sanctions serve as measures of this risk. Nonetheless, the bank recognizes the need to be able to project these risks moving forward and is thus pursuing the development of a simulation model that can assist in this objective.
The bank acknowledges its exposure to relevant, non-quantified risks like reputational and strategic risks. Reputational risk arises from negative public opinion of the bank by its stakeholders. This may be brought about by poor product and service delivery, regulatory and statutory noncompliance, poor corporate governance, or subpar financial performance, among others. Reputational risk involves the entire organization and cannot be isolated to a particular unit or division of the bank. The materialization of this risk may produce consequences ranging from what may be considered small or negligible, to a temporary loss to business, to massive threats to the bank’s going-concern status. An assessment of the bank’s historical experience of negative publicity shows that there are no direct and material effects to the bank’s reputation observed as a consequence of such adverse opinion.
The bank recognizes its increasing exposure to reputational risk, especially since its public listing in 2012, and is continuously developing a framework for the quantitative identification, measurement, and monitoring of this risk. The framework will allow for the institutionalization of better controls for the mitigation and management of such risk.
Strategic risk refers to the current and prospective impact to earnings or capital experienced by the bank as a consequence of adverse business decisions, improper implementation of decisions, and the lack of responsiveness to industry changes. The bank perceives this risk to be highly pervasive across the bank’s businesses and operations, making it difficult to measure it as a separate risk. The bank, nonetheless, pursues the development of models to assist in this effort, and studies are ongoing. While these risks have yet to be quantified, the bank is confident overall with its conservative approach to risk management and that the occurrence of events under such risk is mitigated and controlled.
Capital management serves as the thread that ties all the risk management efforts together. At the end of the day, management of all these risks assists in ensuring that capital is both optimized and preserved, supporting the goal of maximizing shareholder value. Capital management thus entails a good command of how and how much capital is utilized so that opportunities are taken advantage of while making sure that prudent levels are maintained to support the bank’s risk-taking activities under normal and stressed conditions. Capital management employs a dynamic coordination of the bank’s strategic plans, risk management efforts and performance measurement initiatives.
The bank aims to achieve the following under its integrative capital management philosophy and framework:
In 2014, the bank maintained capital ratios above the minimum prescribed by the BSP, highlighting that it has successfully maintained adequate capital even with the simultaneous implementation of Basel III.
EastWest is ready and compliant with anticipated capital regulations that the regulators will impose in the near future and will maintain a capital position of the same strength and resiliency.
Thus, additional raising of Basel III-compliant capital is anticipated to further support our plans for organic growth.
As we continue to take an aggressive stance with the onset of a more competitive environment given the forthcoming ASEAN economic integration, the public can only expect a continuous, proactive, and forward-looking risk and capital management practice. This will allow us to continue taking advantage of opportunities as they come while ensuring that enough capital is maintained to support our ventures.