Homepage / About Us / Risk Management

Translated from Latvian

 

Risk Management

 

AS LTB Bank hereby discloses information about risk and capital management under the provisions of Paragraph (1) of Section 36.3 of the „Law on Credit Institutions” and FCMC Regulations „On Information Disclosure” from 11 May 2007.

AS LTB Bank’s (hereinafter – the Bank) strategic goal for risk management is to achieve an adequate balance between risks assumed by the Bank and profit and to minimize the potential adverse effect of risks on the Bank’s financial performance and operation.

The Bank applies the requirements of FCMC regulations concerning risk management and ensures that risk control and compliance control functions are exercised independently from business and internal control units, including enabling direct contact between these functions and the Bank’s Council and Board. Risk management is based on systemic approach and is integrated into the Bank’s internal control system.

Risk control function is organized into a separate structural unit – the Risk Department, which focuses on setting up and maintaining a risk management system consistent with the Bank’s operation and regulatory requirements, as well as on planning, revising and improving this system in line with changes in the Bank’s operation and external factors impacting it.

The Bank has established a structural unit for compliance risk management, including its identification, assessment and control, whereas certain common functions of compliance control function are delegated to other structural units.

To manage, control and regulate inherent risks the Bank applies the following basic principles:

·          Prudence – the Bank acts with discretion, only accepts risks in known spheres of business, does not accept unreasonable risks in any of such spheres, places limitations on or refuses to introduce services associated with heightened risks;

·          Adequate risk management environment – the Bank creates an internal environment and management culture, which stresses high standards of ethical conduct at all levels of the Bank’s organizational structure thereby facilitating effective internal control;

·          Integrity – risk management systems are integrated into the Bank’s internal control system;

·          Obligation – the Bank ensures that risk management requirements are binding on all structural units and employees. The Bank does not introduce new products, services, processes or systems until identified inherent significant risks have been addressed by the Bank’s risk management system and permissible exposure levels have been defined;

·          Continuity – the Bank views risk management as an ongoing continuous process: risk identification, analysis, decision making, implementation and control are performed on ongoing basis as part of the Bank’s development process;

·          Function separation – within the risk management process risk measurement, analysis and control functions are separated from the functions of business units (risk acceptance functions);

·          Consistency – the Bank defines permissible exposure levels and implements adequate risk management according to its business and corporate strategy;

·          Holistic approach – the Bank performs risk analysis in its entirety at the level of relevant committees and the Risk Department, thereby enabling holistic assessment of interaction of risks and the Bank’s total risk exposure;

·          Individuality – the Bank manages inherent significant risks for all types of activity at the level where such risks occur in the structural unit, which is chiefly responsible for deals and actions exposed to the respective type of risk;

·          Regularity – the Bank specifies the periodicity of risk identification, measurement, assessment, stress-testing, control and reporting;

·          Transparency – the Bank discloses risk management information on its website;

·          Discipline – the Bank exercises constant control over compliance with regulatory requirements applicable to risk management, including limits, restrictions and powers.

The Bank identifies all inherent significant risks, also prior to introduction of new products and services, and develops policies for risk management in compliance with laws and regulations, standards of self-governing institutions pertaining to banking, codes of professional conduct and ethics and other best practice banking standards. Under these policies the Bank documents and implements procedures for risk measurement, assessment, mitigation, control, risk reporting and disclosures. Policies are revised at least once a year based on changes in the Bank’s operation and external factors impacting it.

In its risk management process the Bank applies prudent risk management methods consistent with the Bank’s business activity types and their specific character achieving efficient minimization of total risk.

Risk control is implemented as a set of systemic measures with adequate risk control procedures, including restrictions and limits on maximum permissible exposure levels, exposure limitation methods, and control procedures to mitigate risks that cannot be defined in quantitative terms.

The Bank’s Council, Board and heads of relevant structural units regularly receive reports about inherent risks to be able to timely and continuously assess the risks that can impair the Bank’s ability to achieve its goals.

The Bank’s Council supervises risk management in the Bank and assesses its efficiency at least once a year, approves general corporate and risk management strategy, reviews and approves risk management policies and supervises the performance of the Board in the implementation of such policies.

The Board ensures ongoing identification and management of the Bank’s risk exposure under risk management policies approved by the Council, as well as the development and approval of internal regulations establishing adequate risk measurement, assessment, control and reporting procedures, division of authority and responsibility between structural units, and procedure for risk management reporting and disclosures.

The Bank has identified the following inherent significant risks that require risk management and control: credit risk, concentration risk, liquidity risk, interest rate risk, foreign exchange risk, country risk, operational risk (including IT and legal risk), compliance risk as part of reputational risk, and money laundering and terrorist financing risk.

Information about credit risk, concentration risk, liquidity risk, foreign exchange risk, interest rate risk management, capital adequacy and internal capital assessment is available from the Bank’s Annual Report for the Year Ended 31 December 2008 at http://www.ltblv.com/files/dokumenti/gada_parskats_lat_2008.pdf.

 

Compliance Risk

Compliance risk is a risk that the Bank may suffer losses, penalty or injury to goodwill, or its future business may be put at threat if the Bank fails to comply with laws and regulations, standards of self-governing institutions pertaining to banking, codes of professional conduct and ethics and other best practice banking standards (hereinafter – compliance laws, regulations and standards).

The Bank has set a goal – to create an efficient compliance risk management system to prevent losses, imposition of legal duties or penalties and injury to goodwill. In this respect the Bank acts on an action plan, which specifies compliance risk management measures for a reporting period, and controls the implementation of internal regulations governing compliance risk management.

The Bank takes preventive actions to fully and timely identify, document and assess inherent compliance risks in their early phase by developing adequate internal regulations prior to introduction of new products and services.

Fundamental principles of compliance risk management are established in the Compliance Risk Management Policy. Apart from that, the Bank has developed internal regulations necessary for the implementation of compliance risk management.

The Bank has appointed an employee who is responsible for compliance risk management in general and exercises independent control over compliance risk management, while employees of the Bank’s structural units are responsible for observing compliance laws, regulations and standards in performing their job duties.

The Bank assesses compliance risk for all spheres and types of the Bank’s activity by means of expert/self-assessment method.

The Bank organizes staff training in compliance risk and associated problems, consults and provides support to staff regarding regulatory requirements governing compliance issues, the Bank’s internal regulations, their development, improvement, unified and efficient application and implementation.

Money Laundering and Terrorist Financing Risk

It is one of the strategic goals of the Bank to preserve the Bank’s goodwill and stability in the Bank’s relationship with customers, business partners and the public in general, to cooperate with and provide financial services to trustworthy customers and business partners, whose business and activities are understood by the Bank in order to prevent the Bank as much as possible from becoming involved in money laundering and terrorist financing and to prevent losses that can arise in case of rapid loss of confidence among bona fide customers and business partners.

Compliance risk on the level of prevention of money laundering is a risk that the Bank’s compliance with laws and regulations governing prevention of money laundering and terrorist financing is insufficient or that the Bank may become involved in money laundering and/or terrorist financing through its customers or business partners.

To minimize money laundering and terrorist financing risk the Bank has created an internal AML system, which includes actions and measures directed towards enforcement of the requirements of the Law On the Prevention of Laundering of Proceeds Derived from Criminal Activity, including risk assessment, control and mitigation measures, having allocated adequate resources for the purpose.

The Bank’s internal control system comprises the following basic elements and measures:

·          entering into and discontinuing a business relationship with a customer;

·          customer identification;

·          assessment of a customer’s money laundering or terrorist financing risk;

·          identification and early analysis of customer’s beneficial owner;

·          monitoring and in-depth analysis of customer’s deals;

·          discovering and reporting unusual and suspicious transactions to the Office for Prevention of Laundering of Proceeds Derived from Criminal Activity;

·          refraining from suspicious transactions;

·          filing data and documents received during customer identification, analysis and transaction monitoring, results of analyses and reports;

·          staff training.

As part of cooperation with customers the Bank applies a risk assessment-based customer analysis method to possibly shut out cooperation with persons involved in money laundering and terrorist financing.

The Bank does not enter into a business relationship with a customer until identification of that customer and beneficial owner has been performed in compliance with applicable laws and regulations and the Bank’s internal regulations. The Bank does not open anonymous accounts.

Country Risk

Country risk is a risk of losses that may occur if a non-resident business partner of the Bank is unable to fulfill contractual obligations to the Bank due to political, social or economic conditions of the country of residence of that business partner.

The Bank’s country risk management strategy is to achieve a sound balance between country risk and projected returns and ensure maximum protection of the Bank from losses that can result from country risk impact. The Bank’s internal regulations specify a procedure for country risk assessment, which makes use of ratings by external credit rating institutions – international rating agencies and other information about economic and political conditions of countries, thereby identifying countries and regions whose risk is regarded as significant. The Bank sets country risk limits for efficient management and mitigation of country risk. The Bank monitors country risk levels on ongoing basis assessing country risk both before effecting a new transaction and throughout the business relationship.

IT Risk

Information technology risk is the Bank’s exposure to losses or failure to receive profits in case of unsatisfactory information technology or inadequate, insufficient information processing and lack of security of information resources and systems, including confidentiality, integrity and availability.

The Bank performs IT risk analysis from time to time to identify and classify risks and principal risk factors (threats) that can impact the availability, integrity and confidentiality of the Bank’s information resources.

Based on the results of risk analysis the Bank develops a plan of measures for prevention or reduction of risks to a permissible level.

When choosing measures for risk reduction the Bank applies the principle of commensurability of costs of information resources security.

The Bank analyzes IS performance by modeling maximum system loads. Business continuity planning uses scenario-based methods. Business continuity plan details measures to be taken to restore the Bank’s functions should a risk event occur. The plan is reviewed and updated on regular basis.

IT risk control is implemented as a set of systemic measures, which includes the following risk control procedures:

·          restoring business processes;

·          developing and acquiring information systems;

·          maintenance (change and control) procedures;

·          physical and logical access security control.

Legal Risk

Legal risk is the Bank’s exposure to losses or failure to receive profits as a result of inappropriate, incomplete or inaccurate legal documentation related to the Bank’s transactions, which does not provide or fails to sufficiently provide for division of responsibility between the Bank and its customers or business partners and dispute resolution procedures, as well as when deals are not executed in accordance with signed agreements.

The Bank recognizes legal risk as part of operational risk. Legal risk management and control methods, division of duties and responsibilities are similar to those established for operational risk management. To reduce the probability of legal risk event occurrence the Bank develops internal regulations and model agreements.