The principles underlying SpareBank 1 SMN’s risk management are laid down in the Bank’s risk management policy. The Bank gives much emphasis to identifying, measuring, managing and following up central risks to ensure that the Group progresses in line with its adopted risk profile and strategies.
Risk management within the Group is intended to support the Group’s strategic development and target attainment. The risk management regime is also designed to ensure financial stability and prudent asset management.
This will be achieved through:
The Group’s risk is quantified by calculating expected loss and the risk-adjusted capital (economic capital) needed to meet unexpected losses. Expected loss is the amount which statistically can be expected to be lost in a 12-month period. Risk-adjusted capital is the volume of capital the Group considers it needs to meet the actual risk incurred by the Group. The Board has resolved that the risk-adjusted capital should cover 99.9 per cent of all possible unexpected losses.
Statistical methods are employed to compute expected loss and risk-adjusted capital, but calculation none the less requires expert assessments in some cases. In the case of risk types where no recognised methods of calculating capital needs are available, the Bank defines risk management limits to ensure that the likelihood of an event occurring is extremely low.
Return on risk-adjusted capital is a key strategic target of internal management at SpareBank 1 SMN. It entails allocating capital to business areas based on the estimated risk attending the business concerned, and continuous monitoring of return on capital. Calculation of risk-adjusted capital makes it possible to compare risk across risk groups and business areas. Risk is also gauged and monitored by measuring positions relative to quantitative risk limits and key portfolio risk limits.
The Group’s overall risk exposure and risk trend are monitored through periodic risk reports to the Administration and the Board of Directors. Overall risk monitoring and reporting are carried out by the Risk Management Division which is independent of the Group’s business areas.
Risk management and control are part of SpareBank 1 SMN’s corporate governance as described in the chapter on Corporate Governance. The Group’s control and management model aims for independence in risk reporting, with due emphasis given to responsibilities and roles in the day-to-day risk management. SpareBank 1 SMN has for several years devoted substantial resources to developing effective risk management processes in order to identify, measure and manage risk.
In the risk and capital management process, organisation culture is the foundation on which the other elements are built. SpareBank 1 SMN’s organisation culture comprises management philosophy, managerial style and the people making up the organisation with their individual qualities such as integrity, values, and ethical stance. A deficient organisation culture cannot be compensated for by imposing other oversight and control measures.
The Group attaches importance to a control and management structure that promotes targeted and independent management and control. The risk management process is three-tiered:
The Board of Directors of SpareBank 1 SMN is responsible for overseeing that the Group’s own funds are satisfactory based on the adopted risk profile and requirements set by the authorities.
The Group Board establishes the overarching objectives such as risk profile, return targets and the distribution of capital on the respective risk areas. The Board also establishes overall limits, authorisations and guidelines for risk management within the Group, as well as all significant aspects of risk management models and decision-making processes.
The Group CEO is responsible for risk management. Hence he is responsible for seeing to the implementation of effective risk management systems in the Group, and for the monitoring of risk exposure. The Group CEO is also responsible for delegating authorisations and for reporting to the Board.
The Divisions are responsible for the day-to-day risk management within their respective business areas, and they must at all times see to it that risk management and risk exposure comply with the limits and overarching management principles established by the Board or the Group CEO.
The Risk Management Division is organised independently of the business units and reports directly to the Group CEO. This division is responsible for the Group’s risk models and for the further development of effective risk management systems. It is also responsible for independent risk assessment, risk reporting and for overall monitoring of risk within the Group.
Credit Committees. The Group has two local-level credit committees for the corporate market along with a central-level Group Credit Committee. The two local-level credit committees cover the following areas:
The Credit Committees deliver an independent recommendation to the authorisation holder concerned. The recommendation:
The Balance Sheet Committee is responsible for dealing with matters related to capital structure and liquidity risk, market risk, internal pricing of capital and compliance with limits established by the Board.
The Credit Support Unit takes over dealings with customers who are clearly unable, or are highly likely to become unable, to service their debts unless action is taken beyond ordinary follow-up.
Credit Watch Committee. This committee’s main focus is on exposures at risk. The committee deals with exposures defined on a centralised watch list, mainly in excess in excess of NOK 50m.
The Internal Audit is a tool at the disposal of the Board of Directors and the Administration which oversees that the risk management process is targeted, effective and functions as intended. The Group’s internal audit is carried out by an external provider, thereby assuring the required independence, competence and capacity. The Internal Audit function reports to the Board of Directors.
The Internal Audit function’s reports and recommendations for improvements in Group risk management are continuously reviewed within the Group. The Internal Audit function reviews, regularly and at least annually, the IRB system, including the models underlying the calculation of risk parameters and the application of and compliance with the Capital Requirements Regulations.
SpareBank 1 SMN applies a focused capital management process designed to assure:
A long-term objective of the adopted business strategy is to ensure that the risk-adjusted capital is as far as possible allocated to those areas that yield the highest risk-adjusted return.
Financial projections. A five-year projection of financial developments is prepared with a basis in the strategic objectives and the business plan. A projection is also prepared of a serious economic downturn scenario. The projections are designed to compute how financial developments in business activities and the macroeconomy will impact on the Group’s financial development, including return on equity, the funding situation and capital adequacy.
Finanstilsynet (the Norwegian Financial Supervisory Authority) has granted SpareBank 1 SMN permission to apply the IRB foundation approach to account for credit risk. The Bank accordingly applies its own classification models when computing regulatory capital requirements. The Ministry of Finance resolved in December 2011 to prolong the transitional rules of section 49-2 subsection (11) of the capital requirements regulations. This entails a minimum capital requirement of at least 80 per cent of the requirement calculated under the old rules.
The IRB system includes models, processes, control mechanisms, IT systems and procedures and guidelines associated with classification and quantification of credit risk and with the extended management of credit risk. The IRB system and the models are validated quantitatively and qualitatively to ensure that the models have sufficient predictive ability and are in keeping with adopted guidelines.
In 2011 the Bank applied the basic indicator approach to quantify operational risk, and the standard approach to quantify market risk. SpareBank 1 SMN has established, as an integral part of its risk management policy, a capital allocation process (ICAAP) to ensure that the Bank at all times has adequate own funds in relation to its chosen risk profile. The process is also designed to assure efficient acquisition and application of capital.
Credit risk is the risk of loss resulting from the inability or unwillingness of customers or counterparties to honour their commitments to the Group. The Bank’s organisation of and framework for management of credit risk is adapted to the Basel Committee’s Sound Practices for the Management of Credit Risk and to Finanstilsynet’s module for management and control of credit risk.
Credit risk arising from the Group’s lending activity is the largest area of risk facing the Group. The Group incurs exposure to credit risk through lending and leasing products to retail and corporate customers and through the operations of the Bank’s Markets and Finance Divisions.
Through its annual review of the Bank’s credit strategy, the Board of Directors concretises the Bank’s risk appetite by establishing objectives and limits for the Bank’s credit portfolio.
The Bank’s credit strategy and credit policy are derived from the Bank’s main strategy, and contain guidelines for the risk profile, including maximum expected loss (EL) for the Retail and Corporate market Divisions respectively, maximum portfolio default probability (PD) and maximum economic capital (UL) allocated to the credit business. Concentration risk is managed by distribution of lending between the Retail market and Corporate market Divisions and within lines of business, limits to maximum application of economic capital within lines of business and requirements as to maximum exposure, credit quality and number of exposures above 10 per cent of own funds.
Compliance with credit strategy and limits adopted by the Board of Directors is monitored on a continual basis by the Risk Management Division and reported quarterly to the Board of Directors.
a) The credit strategy is adopted annually by the Board of Directors
The credit strategy establishes the overarching principles for lending and for the management and pricing of credit risk at SpareBank 1 SMN. This includes the structuring of the Bank’s management documents, organisation (distribution of responsibilities and roles) of the credit function, overarching principles for lending and credit strategy objectives.
Credit risk management at SpareBank 1 SMN is based on the principles recommended by the Basel Committee’s paper entitled ‘Principles for the Management of Credit Risk’, new capital adequacy rules (Basel II) and relevant statutes and regulations.
b) Guidelines for portfolio management
The guidelines describe the framework and guidelines applying to the management of SpareBank 1 SMN’s credit portfolio. This applies to the distribution of responsibilities and roles in connection with the measurement and reporting of portfolio risk and profitability as well as measures suited to managing the portfolio within the framework defined in the credit strategy and credit policy.
The composition of the portfolio is managed through the establishment of principles and framework for the granting of new credits, or through changes in existing exposures.
c) Credit policy for the Corporate and Retail market Divisions
These documents describe how the Bank’s credit strategy is to be implemented through the establishment of detailed lending criteria for, respectively, the Corporate market Division and the Retail market Division. The responsibility for the drawing up and maintenance of credit policy rests with the Group CEO.
d) Lending regulations – exercise of lending authorisations
All authorisations in the Retail market and Corporate market Divisions are personal. In the Corporate market Division, credit committees have in addition been set up at local and central level to advise the decision taker in major credit cases. Granting of credit must be in line with the Bank’s credit strategy, credit policy, credit processing procedures and guidelines and must be characterised by completeness, high quality and professionalism. This is documented by way of the Bank’s ordinary loan-officer system.
Compliance with the credit strategy and limits adopted by the Board of Directors is continuously monitored by the Risk Management Division and reported to the Board of Directors on a quarterly basis.
The Bank’s risk classification system is designed to enable the Bank’s loan portfolio to be managed in conformity with the Bank’s credit strategy and to secure the risk-adjusted return. The Board of Directors delegates overall lending authorisation to the Group CEO and the divisional directors. The Group CEO can further delegate authorisations to lower levels.
Lending authorisations are graded by size of commitment and risk profile.
e) Credit models
The Bank’s credit models build on three central components: probability of default (PD), exposure at default (EAD) and loss given default (LGD).
Probability of default (PD)
The Bank’s credit models are based on statistical computations of probability of default. The calculations are based on scoring models that take into account financial position along with internal and external behavioural data. The models are based partly on point-in-time ratings, and reflect the probability of default in the course of the next 12 months under the current economic conditions.
In order to group customers by probability of default, nine risk classes are employed (A-I). In addition the Bank has two risk classes (J and K) for customers whose loans are in default and/or written down. The following table shows the intervals employed for probability of default in each of the risk classes.
The figure below shows the volume distribution of exposures within the various risk classes.
The Bank’s PD models for the retail and corporate markets are validated annually within three dimensions.
The results of the validation confirm that the model’s accuracy meets internal criteria and international recommendations.
Exposure at Default (EAD)
EAD is an estimate of the size of exposure in the event of default at a specific date in the future. For drawing rights, a conversion factor (CF) is used to estimate how much of the present unutilised credit ceiling will have been utilised at a future default date. For guarantees, CF is used to estimate what portion of issued guarantees will be brought to bear. CF is validated monthly for drawing rights within the retail and corporate market. The Bank’s EAD model takes account of differences both between products and customer types.
Loss Given Default (LGD)
The Bank estimates the loss ratio for each loan based on the expected realisable value (RE value) of the underlying collateral, the recovery rate on unsecured debt, as well as the direct costs of recovery.
In conformity with the Capital Requirements Regulations the estimates are downturn estimates. The values are determined based on fixed models and actual realisation values are validated to test the models’ reliability. Based on collateral cover (realisable value divided by EAD), the exposure is assigned to one of seven classes, the best of which has collateral cover above 120 per cent and the lowest has collateral cover below 20 per cent.
The three parameters above (PD, EAD and LGD) underlie the Group’s portfolio classification and statistical calculation of expected loss (EL) and necessary economic capital/risk-adjusted capital (UL).
The portfolio classification is designed to provide information on the level and development of overall credit risk in the total portfolio. Total exposures to customers and other counterparties are shown in notes to the accounts. The LGD model and its components are validated at least annually against observed values from implemented realisations.
Counterparty risk in derivatives trading is managed through ISDA and CSA contracts set up with financial institutions that are the most used counterparties. The CSA contracts limit maximum exposure through market evaluation of the portfolio and margin calls when the change in portfolio value exceeds the maximum agreed limit or threshold amount. The Bank will continue to enter CSA contracts to manage counterparty risk.
For customers, counterparty risk is hedged through use of cash depots or other collateral which must at all times exceed the market value of the customer’s portfolio. Special procedures have been established for calling for further collateral or to close positions if market values exceed 80 per cent of collateral values.
Market risk is a generic term for the risk of loss resulting from changes in rates or prices on financial instruments – in particular changes in share prices, bond rates, interest rates, exchange rates. Market risk also includes the risk of loss due to changes in the price of financial derivatives such as futures, options, and financial instruments based on items other than securities – for example commodities.
Market risk arises at SpareBank 1 SMN primarily in connection with the Bank’s investments in bonds, short-term money market paper and shares, and as a result of activities designed to underpin banking operations such as funding, fixed income and currency trading.
Market risk is managed mainly through day-to-day monitoring of risk exposures against limits set by the Board of Directors and through ongoing analyses of outstanding positions. The Risk Management Division reports monthly to the Board of Directors on the position regarding compliance with the limits set by the Board. Detailed limits apply to investments in shares, bonds and positions in the fixed income and currency markets.
The Group defines limits on exposure to equity instruments using stress tests based on Finanstilsynet’s scenarios. The limits are reviewed at least once a year and are adopted yearly by the Bank’s Board of Directors. The limits are well within the maximum limits set by the authorities.
The Bank uses Finanstilsynet’s models for market and credit risk to compute the Bank’s market risk. These models stress test the Bank’s market risk based on traditional risk measures with an addition for the risk factors risk diversification and market liquidity.
Interest rate risk is the risk of loss due to changes in interest rates. Interest rate risk arises mainly on fixed interest loans and funding in fixed interest securities. The risk on all interest rate positions can be viewed in terms of the change in value of interest rate instruments resulting from a rate change of 1 basis point. The Group utilises analyses showing the effect of this change for various maturity bands, with separate limits applying to interest rate exposure within each maturity band and across all maturity bands as a whole. Interest rate lock-ins on the Group’s instruments are essentially short, and the Group’s interest rate risk is low to moderate. Exchange rate risk is the risk of loss due to changes in exchange rates. The Group measures exchange rate risk with a basis in net positions in the various currencies.
The limits on exchange rate risk are expressed as limits on the maximum aggregate currency position and on the maximum position in the individual currency.
Liquidity risk is the risk that the Group will be unable to refinance its debt or unable to fund increases in assets.
The Group’s finance function is responsible for the Group’s funding and liquidity management. Compliance with limits is monitored by the Risk Management Division which reports to the Board of Directors monthly. The Group manages its liquidity on an overall basis since the Finance Division is responsible for funding both the Bank and the subsidiaries.
Liquidity risk management is based in the Group’s overall liquidity strategy which is reviewed and adopted by the Board of Directors at least once a year, and reflects the Group’s moderate risk profile. As part of the strategy, a preparedness plan has been drawn up to handle the liquidity situation in periods of capital market turbulence with bank-specific and industry-related crisis outcomes and a combination of these. Liquidity management includes stress tests which simulate the liquidity effect of various market events. The results of such testing are taken on board in the preparedness plan developed for the Group’s liquidity management regime.
The Board of Directors reviews the liquidity strategy annually and establishes a framework that promotes a long-term perspective and balance in liquidity procurement. This framework restricts the short-term maturity of the Groups’s liabilities within various time periods. Moreover, an aim of the Group is to survive for 12 months with moderate growth without fresh external funding. New liquidity regulations entered into force on 1 January 2011. SpareBank 1 SMN adjusted the liquidity strategy in autumn 2010 to meet the new requirements.
The Group’s most important source of finance is customer deposits. At end-2011 the ratio of deposits to loans was 65 per cent, as against 61 per cent at end-2010. The Group mitigates its liquidity risk by diversifying funding across a variety of markets, funding sources and instruments, and by use of long-term funding. Too high a concentration of maturities increases refinancing vulnerability. This risk is curbed through defined limits. SpareBank 1 SMN is rated by Moody’s and Fitch Ratings to assure funding at acceptable prices in the money and capital markets.
SpareBank 1 SMN’s liquidity position is satisfactory. The Group’s liquidity is measured regularly against the liquidity indicator for a reference portfolio defined by Finanstilsynet. The Group’s liquidity strategy specifies a maximum deviation against this portfolio. SpareBank 1 SMN stayed within this limit throughout 2011.
The figure below illustrates the funding portfolio’s maturity structure as from end-2011.
The Group was active in the funding market in 2011, and issued loans both domestically and abroad. Funding costs were somewhat higher at year-end than at the start of the year.
The Group’s liquidity situation at end-2011 is satisfactory. The Group increased its liquid assets, in part through bonds deposited with Norges Bank in the course of the year. At year-end the Group’s liquidity was satisfactory: NOK 1.5bn in cash and deposits with Norges Bank, NOK 2.6bn in loans and receivables from credit institutions and NOK 13bn in money market securities and bonds. The bulk of the securities portfolio can be used as collateral for loans from Norges Bank. Of the Group’s total funding volume at year-end, about NOK 7bn is to be refinanced in 2012. By end-2011 SpareBank 1 SMN had moved NOK 22bn of its best-secured home mortgage loans to SpareBank 1 Boligkreditt and it is expected that Boligkreditt account for an important portion of the Group’s financing in 2012.
In order to mitigate counterparty risk, the Group has signed agreements concerning provision of collateral in connection with derivative trades (CSA contracts) with central counterparties. This will substantially reduce exposure to the Group’s key counterparties since the Group – or its counterparties – will be obliged to furnish collateral when the value of contracted business exceeds a pre-agreed threshold.
Operational risk is the risk of loss as a result of unsatisfactory or failing internal processes, systems, human error or external events. Examples of the foregoing include errors on the part of employees, possible flaws in products, processes or systems, or the Bank may incur losses due to fraud, fire and natural damage.
Operational risk is a risk category that captures the bulk of costs associated with quality failings in the Bank’s ongoing business.
SpareBank 1 SMN is wishes to enhance its competence in operational risk management and is cooperating closely SpareBank 1 SR-Bank, SpareBank 1 Nord-Norge, SpareBank 1 Oslo Akershus, Sparebanken Hedmark and the University of Stavanger to further develop a framework for analysis of operational risk and to establish tools for improved quantification of operational risk exposure.
Identification, management and control of operational risk are an integral aspect of executive responsibility at all levels in SpareBank 1 SMN. Executives’ most important aids in this respect are professional insight and managerial expertise along with action plans, control routines and good monitoring systems. A systematic focus on risk assessment also promotes knowledge and awareness of improvements needed in the particular unit. Any flaws found are reported to appropriate levels of the organisation along with recommended improvements.
SpareBank 1 SMN attaches importance to authorisation structures, good descriptions of procedures and clear definition of responsibilities in supply contracts between the respective divisions as elements of a framework for handling operational risk.
The Board of Directors is kept abreast of the operational risk position through quarterly risk reports, and the Board receives each year a report summarising the various risk assessments conducted by the divisions. In addition to a presentation of the most significant risks and associated control and improvement measures, the report contains a self-evaluation of the position regarding the respective divisions’ ongoing management and control. Through the quarterly reports the Board of Directors is also kept abreast of operational losses arising in the various business areas.
The Board of Directors receives each year from the Internal Audit and the statutory auditor an independent assessment of Group risk and of whether the internal control system functions in an appropriate and satisfactory manner.
A system of registration and follow-up (Risk Information System) is used in the effort to ensure continuous improvement in all SpareBank 1 SMN’s business activity. This system promotes better structures and follow-up of risk, events and areas needing improvement. Together with the reporting carried out, this system constitutes an important experience base with respect to operational risk. All operational events which could potentially entail loss or where losses have arisen are recorded in the base. Improvement measures are considered and set in train where appropriate.
The Group has a broad-based insurance programme designed to capture significant portions of losses incurred as a result of major events and disasters. Various liability and crime insurances have been taken out, along with property and contents insurances, with a view to such events. These highly cost-effective policies are primarily intended to cover major loss events.
In 2011 the Parent Bank recorded operational loss events involving a total loss of about NOK 23m.
For 2011 risk-adjusted capital in respect of operational risk was estimated at NOK 330m.
Owner risk is the risk that SpareBank 1 SMN will incur negative results on its holdings in strategically owned companies and/or must supply fresh equity to these companies. The companies concerned are defined in this context as companies in which SpareBank 1 SMN has a significant owner interest and influence.
SpareBank 1 Gruppen, SpareBank 1 Oslo Akershus, BN Bank, SpareBank 1 Boligkreditt and SpareBank 1 Næringskreditt fall within this definition. While the risk posed by these companies is moderate, the Bank is indirectly exposed to increased market risk through its stake in SpareBank 1 Gruppen. SpareBank 1 Boligkreditt and SpareBank 1 Næringskreditt are primarily funding instruments for the core business operated by the owner banks. Their risk picture is relatively simple, and their appetite for market and liquidity risk is very low. Operational risk present in these companies is also low.
SpareBank 1 SMN exercises its control over the SpareBank 1 Gruppen, BN Bank and SpareBank 1 Oslo Akershus effectively through the formal governing bodies that have been established.
Business risk is the risk of unexpected income fluctuations arising from factors other than credit risk, market risk and operational risk. It can materialise in various business or product segments and can arise from business cycle fluctuations and changed customer behaviour.
Business risk expresses itself in unexpected profit impairment. SpareBank 1 SMN constantly experiences changing framework conditions, both with regard to the competitive situation and the legislation affecting income models. The Bank’s response to all such changes is to adjust its business model to compensate for any lapse in income, either by identifying other income areas or by adjusting costs to the new reality.
Sound strategic planning is the most important tool for mitigating business risk. Since business risk can arise from a variety of various risk factors, a broad set of tools (qualitative and quantitative) is employed to identify and report this type of risk.