Risk Management at al khaliji is fully independent from the commercial lines of business. The Group Chief Risk Officer reports directly to the Group Chief Executive Officer with an indirect reporting line to the Board Compliance and Risk Committee (CRC).
The main responsibilities of Group Risk Management are to oversee all credit and counterparty risk, market risk, liquidity risk, IT & physical security risk, and operational risk matters, including business continuity, fraud risk, and insurance; and to ensure compliance with local and international regulations and practices.
The Group’s risk management is supported by an effective Risk Management Framework approved by the Board CRC and is supported by a robust set of policies, procedures and supporting documents. The proper controls to identify, measure, and manage risk are overseen by a technically skilled team.
The Credit Risk Management function at al khaliji covers credit underwriting for Wholesale Banking and Personal Banking, and the collection and remedial management function. The credit policies and approval authorities are approved by the Board CRC with primary execution delegated to the Group Credit and Investment Committee and credit committees in each of the regions of the Group.
Credit Risk Management serves an important control function by segregating credit analysis and assessment from the business functions. Credit analysis is an integral part of the approval process, and al khaliji requires each credit that is not governed by product programs to be analyzed by a standard process and assigned a risk rating. In addition, credit portfolios are monitored across the Group and at the regional level to ensure any concentrations are in line with the Group’s risk appetite and regulatory limits.
The Market Risk Management function at al khaliji forms part of the Treasury Risk Department, which also incorporates the Liquidity Risk Management, Product Control, and Middle Office functions. These functions are independent of the Bank’s business units, including Treasury, thus ensuring clear segregation of duties in order to avoid conflicts of interest.
The Market Risk Management function identifies existing and potential future market risks through active day-to-day portfolio monitoring and reporting, and through ongoing engagement with the business areas. Additionally, Market Risk Management performs regular stress tests of the Bank’s positions subject to interest rate and FX (Foreign Exchange) risks, and provides analysis for new products and investment proposals, which includes identification of potential risk exposures, as well as suitable modeling and valuation techniques.
The Liquidity Risk Management function, part of the Treasury Risk Department, is independent of all business functions, including Treasury, and is responsible for the management of the Bank’s liquidity and funding risks. The function has been a key factor in maintaining adequate liquidity and managing the funding profile, while also supporting the liquidity planning and decision making process.
Liquidity Risk Management provides extensive analysis and reporting on operational liquidity at an intraday level, as well as tactical liquidity dealing with access to funding sources. An additional strategic perspective encompasses the maturity profile of all assets and liabilities. Stress tests based on internal and regulatory requirements are also conducted to complement regular liquidity analysis.
al khaliji is aligned with QCB Basel III guidelines incorporating the calculation and reporting of the LCR (Liquidity Coverage Ratio) and NSFR (Net Stable Funding Ratio) on a Bank and Group basis.
Operational Risk Management (ORM) comprises of Operational Risk Management, Fraud Risk Management, Business Continuity Management (BCM) and Insurance Management.
The ORM function is responsible for measuring, monitoring, and reporting operational risks using tools for Incident Management, Loss Data Collection, Risk and Control Self-Assessment (RCSA), and Key Risk Indicator (KRI).
The primary objective of Fraud Risk Management is to reduce the risk of fraud and misconduct occurring within the Group, using an effective, business-driven fraud risk management process across the Group and focuses on three major principles: fraud prevention, fraud detection, and fraud resolution.
BCM supports the Bank in the event of an emergency, and provides plans and procedures to recover key business processes in a well-structured manner following a disruption or emergency. The BCM Framework is in compliance with Qatar Central Bank regulations and ISO 22301. All businesses and functions within the Bank possess a Business Continuity Plan (BCP), consisting of structured procedures for continuity of business following a disaster. BCM plans and procedures are subject to rigorous periodic tests and exercises to ensure seamless execution and are certified by QCB on an annual basis.
The Bank’s Risk Transfer framework is an integral part of the Operational Risk Management framework and benefits the Bank by improving risk coverage in the insurance contracts. Annual reviews (RCSAs) are conducted to map the operational risks faced by the Bank to the applicable insurance contracts in order to ascertain levels of coverage, should risks materialize.
The Enterprise Risk Management (ERM) function is primarily responsible for risk analytics and portfolio management of the Group, including all matters related to Basel requirements. ERM also ensures that there is a robust Internal Capital Adequacy Assessment Process (ICAAP) that reviews the Bank’s risk framework and governance, risk measurement tools and models, and capital adequacy to ensure all the risks of the Bank are assessed adequately.
ERM also developed and maintains the stress testing program to measure the impact of credit, market, and liquidity stresses on the capital, funding, and earnings position of the Bank. The stress testing methodology and framework, along with the ICAAP, follow international best practices.
The Security Management function uses an Integrated Security Model, encompassing both IT and Physical Security, and provides direction, management and functional leadership for security within the al khaliji Group. It acts as the enterprise-wide focal point for security matters.
The Security Management function is responsible for ensuring an effective security program at al khaliji, performing periodic threat and risk assessments (including network penetration testing and system security analyses), providing security guidance in the design of technology solutions, compliance with relevant regulatory and operational requirements, deployment of security tools for identity management, network security management, malware protection, and cryptographic controls.