Introduction
Among the primary objectives of risk management is to limit adverse gaps in earnings and equity though managing risk exposures and capital within agreed limits. This ensures attainment of the Bank’s growth plans in a controlled environment. Managing and controlling risk, minimizing undue concentrations of exposures and limiting potential losses from stress events are among the essential elements of the Bank’s risk management and control framework. This framework ultimately ensures the protection of the Bank’s reputation and is consistent with our objective of increasing shareholder value.
The merger of Allied Banking Corporation and Philippine National Bank was finalized in Feb 9, 2013, as approved by BSP (Bangko Sentral ng Pilipinas) and SEC (Securities and Exchange Commission). Harmonization activities commenced in 2008 when the respective Board of Directors of PNB and Allied Banking Corporation (ABC) passed resolutions approving the plan to merge the two banks. The activities involved the areas of bank policies, processes and systems together with the merged organizational structure. For the risk management function, the various risk management tools are now applied to the new bank with data sourcing as one of the bigger challenges to hurdle. Furthermore the bank submitted its merged ICAAP (Internal Capital Adequacy Assessment Process) document in August 2013 in time to comply with the merger incentives set by the BSP.
At PNB, we place a high priority on risk management and are taking steps to continue to refine our framework for risk management, including the identification and control of the risks associated with our operational activities.
The Board and its Risk Oversight Committee operate as the highest level of PNB’s risk governance. At management level, risk governance is undertaken by a structured hierarchy of committees each with specified accountabilities. The continues flow of information between the board and board-level committees and the corresponding management committees; allow for consistent evaluation of the risks inherent in the business, raise the alarms, if any, and manage the business effectively with strong adherence to process management guidelines and controls.
Enterprise Risk Management Framework
The Bank’s philosophy is that responsibility for risk management resides at all levels within the Bank and therefore uses the three lines of defense model:
- The first line of defense rests with business units who are responsible for risk management. Assessment, evaluation and measurement of risk are ongoing processes and are integrated in the day to day activities of the business unit. The process includes the setting up of a proper system of internal control, identifying issues and taking remedial actions where required.
- The second line of defense comes from the risk management function of the Bank, which is independent of business operations. The risk management unit implements the risk management framework, provides independent oversight over specific board directives and is responsible for regular reporting to the Risk Oversight Committee
- The third line of defense is the internal audit function which provides an independent assessment of the adequacy and effectiveness of the overall risk management framework and governance structures. The internal audit function reports directly to the Board Audit Committee & Compliance Committee.
The PNB Board Risk Oversight Committee is created by the PNB Board of Directors to assist the board to oversee the risk profile and approves the risk management framework of PNB and its related allied subsidiaries and affiliates. It is mandated to set risk appetite, approve frameworks, policies and processes for managing risk, and accept risks beyond the approval discretion provided to management.
The risk management policy includes:
- a comprehensive risk management approach;
- a detailed structure of limits, guidelines and other parameters used to govern risk-taking;
- a clear delineation of lines of responsibilities for managing risk;
- an adequate system for measuring risk; and
- effective internal controls and a comprehensive risk-reporting process.