Market and Liquidity Risk
The objective of our market risk policies is to obtain the best balance of risk and return while meeting our stakeholders’ requirements. On the other hand, our liquidity risk policies center on maintaining adequate liquidity at all times to be in a position to meet all obligations as they fall due. Market risk, interest rate risk, and liquidity risk exposures are managed through a risk management framework comprising of limits, triggers, monitoring, and reporting process that are in accordance with the risk appetite of the Board.
Market risk exposures are measured and monitored through reports from our Market Risk Management System. We use Historical Simulation Value-at-Risk (VaR) approach for all treasury traded instruments, including fixed income bonds, foreign exchange swaps and forwards, interest rate swaps, and equity securities. Meanwhile, liquidity and interest rate risk exposures are measured and monitored through the Maximum Cumulative Outflow (MCO) and Earnings-at-Risk (EaR) reports from our Asset and Liability Management (ALM) system.
To evaluate the Bank’s overall vulnerabilities on specific events or crisis and gauge our ability to withstand stress events, we have an Integrated Stress Testing framework (IST) in addition to the silo stress tests. The IST complements the Internal Models Approach which is the basis for Internal Capital Adequacy Assessment Process (ICAAP) capital charge under normal condition.
Our policies for managing credit risk are determined at the business level with specific procedures for different risk environments and business goals. Risk limits and thresholds have been established to monitor and manage credit risk from individual and counterparties and/or group of counterparties, and industry sectors. Periodic assessments are also conducted to review the creditworthiness of our counterparties.
The Bank has several risk rating models in place to measure credit risk in a consistent manner. For corporate borrowers with total assets, total facilities, or total exposures of at least P15 million, the rating model used is the Internal Credit Risk Rating System (ICRRS). Retail and small and medium entities and individual loan accounts, on the other hand, are subject to the Borrower Credit Score (BCS) while consumer loans (auto loans, housing loans, credit card), are covered by application scorecards.
Operational, Business Continuity Management (BCM) and Information Technology (IT) Risk
Our Operational Risk Management Framework outlines the policies, processes, and procedures, as well as the tools—including Risk Control Self-Assessment and Key Risk Indicators—for managing our group-wide operational risks.
To mitigate the impact of business-disrupting events, we have a Business Continuity Management (BCM) program covering our resiliency strategies, recovery procedures and facilities, business continuity, and crisis management plans. The program includes tests and simulation exercises which are regularly performed in varying degrees.
In managing our IT risk, we have an IT risk assessment process for identifying vulnerabilities and determining the effectiveness of IT controls. We aligned our IT risk management practices with the standards and operating principles of the Guidelines on IT Risk Management (BSP Circular No. 808) and Enhanced Guidelines on Information Security Management (BSP Circular No. 982).
With the evolving cyber-threat landscape, we developed a Cyber Resilience Framework as a supplement to our Information Security Management System and BCM program. The framework provides the details related to the preparations and measures for protecting the Bank’s disaster recovery infrastructure against cyber-attacks.
We manage our trust risk in accordance with the Guidelines in Strengthening Corporate Governance and Risk Management Practices on Trust, Other Fiduciary Business, and Investment Management Activities (BSP Circular 766). Our Trust Risk Management Guidelines cover all the risks specific to our Trust business, including legal, strategic, and reputational risks. As an additional risk metric, we implemented the Management Action Trigger (MAT) for Private Bonds, and updated the MAT framework for Unit Investment Trust Funds.