The principles underlying SpareBank 1 SMN’s risk management are laid down in the bank’s risk management policy. The bank gives much emphasis to identifying, measuring, managing and following up central risks to ensure that the group progresses in line with its adopted risk profile and strategies.
Risk management within the group is designed to support the group’s strategic development and target attainment. The risk management regime also aims to ensure financial stability and prudent asset management. This shall be achieved through:
The group’s risk is quantified by calculating expected loss and the risk-adjusted capital (economic capital) needed to meet unexpected losses. Expected loss is the amount which statistically can be expected to be lost in a 12-month period. Risk-adjusted capital is the volume of capital the group considers it needs to cover the actual risk incurred by the group. The board of directors has resolved that the risk-adjusted capital should cover 99.9% of all possible unexpected losses.
Statistical methods are employed to compute expected loss and risk-adjusted capital, but calculation none the less requires expert assessments in some cases. In the case of risk types where no recognised methods of calculating capital needs are available, the bank defines risk management limits to ensure that the likelihood of an event occurring is extremely low. For further details, see the bank’s Pillar III reporting which is available on the bank’s home page.
Return on risk-adjusted capital is a key strategic profit measure in the internal management of SpareBank 1 SMN. It involves allocation of capital to business areas based on the estimated risk attending the business concerned, and continuous monitoring of return on capital. Calculation of risk-adjusted capital enables comparison of risk across risk groups and business areas. To this end the bank has implemented EVA calculations (Economic Value Added) in order to monitor risk-adjusted profitability in the respective areas. Risk is also gauged and monitored by measuring positions relative to quantitative risk limits and key portfolio risk measures.
The group’s overall risk exposure and risk trend are monitored through periodic risk reports to the administration and the board of directors. Overall risk monitoring and reporting are carried out by the risk management department which is independent of the group’s business areas.
Risk management and control are part of SpareBank 1 SMN’s corporate governance as described in the chapter on corporate governance. The group’s control and management model aims for independence in risk reporting, with due emphasis given to responsibilities and roles in the day-to-day risk management. SpareBank 1 SMN has for several years devoted substantial resources to developing effective risk management processes in order to identify, measure and manage risk.
In the risk and capital management process, organisation culture is the foundation on which the other elements are built. SpareBank 1 SMN’s organisation culture comprises management philosophy, managerial style and the people making up the organisation with their individual qualities such as integrity, values, and ethical stance. A deficient organisation culture cannot be compensated for by imposing other control and governance measures.
The group attaches importance to a control and management structure that promotes targeted and independent management and control.
The board of directors of SpareBank 1 SMN is responsible for overseeing that the group’s own funds are satisfactory relative to the adopted risk profile and requirements set by the authorities.
The group board establishes the overarching objectives such as risk profile, return targets and how capital is to be distributed on the respective risk areas. The group board also establishes overall limits, authorisations and guidelines for risk management within the group, as well as all significant aspects of risk management models and decision-making processes.
The group CEO is responsible for risk management. Hence he is responsible for seeing to the implementation of effective risk management systems in the group and to the monitoring of risk exposure. The group CEO is also responsible for delegating authorisations and for reporting to the board.
The business areas are responsible for the day-to-day risk management within their respective areas, and they must at all times see to it that risk management and risk exposure comply with the limits and overarching management principles established by the board or the group CEO.
The risk management department is organised independently of the business units and reports directly to the group CEO. This department is responsible for the group’s risk models and for the further development of effective risk management systems. It is also responsible for independent risk assessment, risk reporting and for overall risk monitoring within the group.
The group has a central-level group credit committee and a credit committee for SMB customers. The credit committees deliver an independent recommendation to the authorisation holder concerned. The recommendation:
The bank has a separate department for special exposures which takes over dealings with customers who are clearly unable, or are highly likely to become unable, to service their debts unless action is taken beyond ordinary follow-up.
A credit watch committee has been established whose main focus is on exposures at risk. The committee deals with exposures defined on a centralised watch list, mainly in excess of NOK 50m.
The validation committee reviews, at minimum annually, the validation of the bank’s IRB models. The committee also considers proposals for implementation of newly and further developed versions of the bank’s IRB models. The committee submits recommendations to the bank’s board of directors, which makes the final decision.
The balance sheet committee is responsible for dealing with matters related to capital structure and liquidity risk, market risk, internal pricing of capital and compliance with limits established by the board.
The internal audit is a tool at the disposal of the board of directors and the administration which oversees that the risk management process is targeted, effective and functions as intended. The group’s internal audit is performed by an external provider, thereby assuring the required independence, competence and capacity.
The internal audit function reports to the board of directors. The reports and any recommendations for improvements in the group's risk management are continuously reviewed. The internal audit function reviews, regularly and at least annually, the IRB system, including the models underlying the calculation of risk parameters and the application of and compliance with the capital requirements regulations.
Credit risk is the risk of loss resulting from the inability or unwillingness of customers or counterparties to honour their commitments to the group. The group is exposed to credit risk through all its claims on customers and counterparties. While the group is mainly exposed through ordinary lending operations and leasing activities, it also incurs credit risk through the liquidity reserve portfolio and through counterparty risk arising from interest rate and foreign exchange derivatives.
The bank’s organisation of and framework for management of credit risk is geared to the Basel Committee’s Sound Practices for the Management of Credit Risk and to Finanstilsynet’s module for management and control of credit risk.
Credit risk arising from the group’s lending activity is the largest area of risk facing the group. Through its annual review of the bank’s credit strategy, the board of directors concretises the bank’s risk appetite by establishing objectives and limits for the bank’s credit portfolio.
The bank’s credit strategy and credit policy are derived from the bank’s main strategy, and contain guidelines for the risk profile, including maximum expected loss (EL) for Retail Banking and Corporate Banking respectively, maximum portfolio default probability (PD) and maximum economic and regulatory capital (UL) allocated to the credit business.
Concentration risk is managed by:
Compliance with credit strategy and limits adopted by the board of directors is monitored on a continual basis by the risk management department and reported quarterly to the board of directors.
Credit risk is managed through:
a) Organisation of management and control of credit risk, established annually by the board of directors.
The document establishes the overarching principles for lending. This includes structuring of the bank’s management documents, organisation (distribution of responsibilities and roles) of the credit function and overarching principles for lending.
b) The credit strategy, adopted annually by the board of directors.
The credit strategy establishes priority areas, credit strategy limits and targets and how credit risk is to be priced at SpareBank 1 SMN
Credit risk management at SpareBank 1 SMN is based on principles recommended by the Basel Committee’s paper entitled ‘Principles for the Management of Credit Risk’, capital adequacy rules (Basel II) and relevant statutes and regulations.
c) Guidelines for portfolio management.
The guidelines describe the framework and policies governing the management of SpareBank 1 SMN’s credit portfolio. They distribute responsibilities and roles with respect to measuring and reporting portfolio risk and profitability in the portfolio as well as measures suited to managing the portfolio within the framework defined in the credit strategy and credit policy.
The composition of the portfolio is managed through the establishment of principles and framework for the granting of new credits, or through changes in existing exposures.
d) Credit policy for Retail Banking and Corporate Banking.
These documents describe how the bank’s credit strategy is to be implemented through the establishment of detailed lending criteria for, respectively, Retail Banking and Corporate Banking. The responsibility for the drawing up and maintenance of credit policy rests with the group CEO.
e) Lending regulations: Exercise of lending authorisations.
All authorisations within Retail Banking and Corporate Banking are personal. In Corporate Banking, credit committees have in addition been set up at local and central level to advise the decision taker in major credit cases. Granting of credit must be in line with the bank’s credit strategy, credit policy, credit processing procedures and guidelines and must be characterised by completeness, high quality and professionalism. This is documented by way of the bank’s ordinary loan processing system.
The bank’s risk classification system is designed to enable the bank’s loan portfolio to be managed in conformity with the bank’s credit strategy and to secure the risk-adjusted return. The board of directors delegates overall lending authorisation to the group CEO. The group CEO can further delegate authorisations to lower levels.
Lending authorisations are graded by size of commitment and risk profile.
f) Credit models.
The bank’s credit models build on three central components: probability of default (PD), exposure at default (EAD) and loss given default (LGD).
Probability of default (PD)
The bank’s credit models are based on statistical computations of probability of default. The calculations are based on scoring models that take into account financial position along with internal and external behavioural data. The models are based partly on point-in-time ratings, and reflect the probability of default over the course of the next 12 months under the current economic conditions.
In order to group customers by probability of default, nine risk classes are employed (A-I). In addition the bank has two risk classes (J and K) for borrowers whose loans are in default and/or written down.
The figure below shows the volume distribution of exposures within the various risk classes.
The bank’s PD models for Retail Banking and Corporate Banking are validated on an ongoing basis and at minimum annually within three dimensions.
Exposure at Default (EAD)
EAD is an estimate of the size of exposure in the event of any default at a specific date in the future. For drawing rights, a conversion factor (CF) is used to estimate how much of the present unutilised credit ceiling will have been utilised at a future default date. For guarantees, CF is used to estimate what portion of issued guarantees will be brought to bear after default. CF is validated monthly for drawing rights within Retail Banking and Corporate Banking. The Bank’s EAD model takes account of differences both between products and customer types.
Loss Given Default (LGD)
The bank estimates the loss ratio for each loan based on the expected realisable value (RE value) of the underlying collateral, the recovery rate on unsecured debt, as well as the direct costs of recovery.
Values are determined using standard models, and actual realised values are validated to test the models’ reliability.
In conformity with the capital requirements regulations the estimates are downturn estimates. The values are determined based on defined models. Based on collateral cover (realisable value divided by EAD), the exposure is assigned to one of seven classes, the best of which has collateral cover above 120 per cent and the lowest has collateral cover below 20 per cent.
The three parameters above (PD, EAD and LGD) underlie the group’s portfolio classification and statistical calculation of expected loss (EL) and necessary economic capital/risk-adjusted capital (UL).
The portfolio classification is designed to provide information on the level and development of overall credit risk in the total portfolio. Total exposures to customers and other counterparties are shown in notes to the accounts.
Counterparty risk in derivatives trading is managed through ISDA and CSA contracts set up with financial institutions that are the bank’s most used counterparties. The CSA contracts limit maximum exposure through market evaluation of the portfolio and margin calls when the change in portfolio value exceeds the maximum agreed limit or threshold amount. The bank will continue to enter CSA contracts to manage counterparty risk.
For customers, counterparty risk is hedged through use of cash depots or other collateral which must at all times exceed the market value of the customer’s portfolio. Special procedures have been established for calling for further collateral or to close positions if market values exceed 80 per cent of collateral values.
The bank has in recent years made system changes to prepare the ground for the forthcoming EMIR Regulation. Due to challenges in the EEA body of rules, this Regulation has not been implemented in Norwegian law.
Market risk is a generic term for the risk of loss and reduction of future incomes arising as a result of changes in observable rates or prices on financial instruments – in particular changes in share prices, interest rates (including credit spreads) and exchange rates. Market risk also includes the risk of loss due to changes in the market price of financial derivatives such as futures, options, and financial derivatives based on items other than securities – for example commodities.
Market risk arises at SpareBank 1 SMN primarily in connection with the bank’s investments in bonds, short-term money market paper and shares, and as a result of activities designed to underpin banking operations such as funding, fixed income and currency trading.
Market risk is managed through day-to-day monitoring of risk exposures against limits set by the board of directors and through ongoing analyses of outstanding positions. Risk Management reports monthly to the board of directors on the position regarding compliance with the limits set by the board. Detailed limits apply to investments in shares, bonds, positions in the fixed income and currency markets and to spread risk.
The group defines limits on exposure to equity instruments using stress tests based on Finanstilsynet’s scenarios. The limits are reviewed at least once a year and are adopted yearly by the bank’s board of directors.
The bank uses Finanstilsynet’s models for market and credit risk to compute the bank’s market risk. These models stress test the bank’s market risk based on traditional risk measures with an add-on for the risk factors risk diversification and market liquidity. Risk factors are reviewed on a quarterly basis.
Interest rate risk is the risk of loss due to changes in interest rates in financial markets. Interest rate risk arises mainly on fixed interest loans and funding in fixed interest securities. The risk on all interest rate positions can be viewed in terms of the change in value of interest rate instruments resulting from a rate change of 1 basis point. The group utilises analyses showing the effect of this change for various maturity bands, with separate limits applying to interest rate exposure within each maturity band in addition to a separate limit for overall interest rate risk. Interest rate lock-ins on the group’s instruments are essentially short, and the group’s interest rate risk is low to moderate.
Spread risk is the risk of loss due to changes in the market value/realistic value of bonds as a consequence of increased risk mark-ups in the pricing of these bonds. Credit risk in the bond portfolio is managed based on an evaluation of the respective issuers. In addition the bank has a separate limit for overall spread risk for all bonds. The bank computes spread risk with a basis in Finanstilsynet’s module for market and credit risk where overall loss potential is the sum of loss potentials calculated for each individual credit risk exposure. The loss potential for the individual credit exposure is computed with a basis in rating and duration. Bond risk is considered to be moderate.
Exchange rate risk is the risk of loss due to changes in exchange rates. The group measures exchange rate risk with a basis in net positions in the various currencies. The limits on exchange rate risk are expressed as limits on the maximum aggregate currency position and on the maximum position in the individual currency. Exchange rate risk is considered to be low.
Equity risk is the risk of loss due to changes in share prices. This risk is linked to positions in equity instruments, including derivatives with equity instruments as the underlying. Equity risk is considered to be moderate.
Liquidity risk is the risk that the group will be unable to meet its obligations and/or finance increases in assets without incurring extra costs in the form of falling prices of assets which must be realised or in the form of extra costly financing.
Management
The bank’s finance department is responsible for the group’s funding and liquidity management. Compliance with limits is monitored by the risk management department which reports to the board of directors monthly. The group manages its liquidity on an overall basis since the finance department is responsible for funding both the bank and the subsidiaries.
Liquidity management is based in the group’s overall liquidity strategy which reflects the group’s moderate risk profile. As part of the strategy, preparedness plans have been drawn up to handle the liquidity situation in periods of capital market turbulence featuring both bank-specific and industry-related crisis outcomes and a combination of the two. Liquidity management includes stress tests which simulate the liquidity effect of various market events. The results of such testing are taken on board in the preparedness plans developed for the group’s and the alliance’s liquidity management regime.
Risk measurement
The bank’s board of directors reviews the liquidity strategy annually and establishes a framework that promotes a long-term perspective and balance in liquidity procurement. The bank’s overall aim is to be able to survive 12 months of ordinary operations without fresh external funding.
The bank’s most important source of finance is customer deposits. The bank mitigates its liquidity risk by diversifying funding across a variety of markets, funding sources and instruments, and by use of long-term funding. Too high a concentration of maturities increases refinancing vulnerability. This risk is curbed through defined limits. The bank is rated by Moody’s and Fitch Ratings to assure funding at acceptable prices in the money and capital markets. The bank established its own residential mortgage company in 2015, and was granted a licence by Finanstilsynet (Norway's FSA) in autumn 2015. The company is not operational, but will be a part of the bank's preparedness plan. SpareBank 1 Boligkreditt remains the bank's preferred instrument for home financing.
SpareBank 1 SMN’s liquidity position is satisfactory. The bank’s liquidity is measured regularly against the liquidity indicator for a reference portfolio defined by Finanstilsynet. The bank’s liquidity strategy specifies a maximum deviation against this portfolio. The bank kept within this limit throughout 2015.
The Ministry of Finance set new quantitative requirements for banks' liquidity reserves on 25 November 2015. The LCR requirement obliges undertakings to maintain a liquidity reserve of at least 100 per cent at all times, i.e. their holdings of liquid assets shall at minimum correspond to net liquidity outflow in a given stressed period of 30 calendar days. The bank can phase in the liquidity reserve requirement as follows: 70 per cent as from 31 December 2015, 80 per cent as from 31 December 2016 and 100 per cent as from 31 December 2017.
The figure below illustrates the funding portfolio’s maturity structure as from end-2015.
Operational risk is the risk of loss as a result of unsatisfactory or failing internal processes, systems, human error or external events. Examples of the foregoing may be errors on the part of employees, possible flaws in products, processes or systems, or the bank may incur losses due to fraud, fire or natural damage.
Operational risk is a risk category that captures the bulk of costs associated with quality failings in the bank’s ongoing business.
Identification, management and control of operational risk are an integral aspect of executive responsibility at all levels in SpareBank 1 SMN. Executives’ most important aids in this respect are professional insight and managerial expertise along with action plans, control routines and good monitoring systems. A systematic focus on risk assessment also promotes knowledge and awareness of improvements needed in the particular unit. Any flaws found are reported to appropriate levels of the organisation along with recommended improvements.
SpareBank 1 SMN attaches importance to authorisation structures, good descriptions of procedures and clear definition of responsibilities in supply contracts between the respective divisions as elements of a framework for handling operational risk.
The board of directors is kept abreast of the operational risk position through quarterly risk reports and the annual internal control report. In addition the board of directors receives each year from the internal auditor an independent assessment of the group's risk position and of whether the internal control system functions in an appropriate and satisfactory manner.
A system of registration and follow-up (Risk Information System) is used in the effort to ensure continuous improvement in all SpareBank 1 SMN’s business activity. This system promotes better structures and follow-up of risk, events and areas needing improvement. Together with the reporting carried out, this system constitutes an important experience base with respect to operational risk. All operational events which could potentially entail loss or where losses have arisen are recorded in the base. Improvement measures are considered and set in train where appropriate.
A broad-based insurance programme is in place that will capture significant portions of losses incurred as a result of major events and disasters. Various liability and crime insurances have been taken out, along with property and contents insurances, with a view to such events. These highly cost-effective policies are primarily intended to cover major loss events.
In 2015 operational loss events were recorded involving a total loss of about NOK 2.8m.
Owner risk is the risk that SpareBank 1 SMN will incur negative results on its holdings in strategically owned companies and/or must supply fresh equity to these companies. The companies concerned are defined in this context as companies in which SpareBank 1 SMN has a significant owner interest and influence.
SpareBank 1 Gruppen, BN Bank, SpareBank 1 Boligkreditt and SpareBank 1 Næringskreditt fall within this definition. The risk posed by these companies is moderate, but the bank is indirectly exposed to increased market risk through its stake in SpareBank 1 Gruppen. SpareBank 1 Boligkreditt and SpareBank 1 Næringskreditt are primarily funding instruments for the core business operated by the owner banks. Their risk picture is relatively simple, and their appetite for market and liquidity risk is very low. Operational risk present in these companies is also low.
SpareBank 1 SMN exercises its control over the SpareBank 1 Gruppen and BN Bank effectively through the formal governing bodies that have been established.
Business risk is the risk of unexpected income fluctuations arising from factors other than credit risk, market risk and operational risk. It can materialise in various business or product segments and can arise from business cycle fluctuations and changed customer behaviour.
Business risk expresses itself in unexpected profit impairment. SpareBank 1 SMN constantly experiences changing framework conditions, both with regard to the competitive situation and the legislation affecting income models. The bank’s response to all such changes is to adjust its business model to compensate for any lapse in income, either by identifying other income areas or by adjusting costs to the new reality.
Sound strategic planning is the most important tool for mitigating business risk. Since business risk can arise from a variety of various risk factors, a broad set of tools (qualitative and quantitative) is employed to identify and report this type of risk.
SpareBank 1 SMN applies a focused capital management process designed to assure:
A long-term objective of the adopted business strategy is to ensure that the risk-adjusted capital is as far as possible allocated to those areas that yield the highest risk-adjusted return.
The capital management process must:
A four-year projection of financial developments is prepared with a basis in the strategic objectives and the business plan. A projection is also prepared of a serious economic downturn scenario. The projections are designed to gauge how financial developments in business activities and the macroeconomy will impact on the group’s financial development, including return on equity, funding structure and capital adequacy.
See also the bank's Pillar III reporting, available at smn.no for further information on SpareBank 1 SMN's risk and capital management.