RISK MANAGEMENT APPROACH & OVERSIGHT

The Board of Directors is responsible for the overall effective risk management and has a comprehensive risk management and
governance framework in place to effectively identify, evaluate and mitigate all risks undertaken in the achievement of long-term
strategic objectives of the Bank. The robust risk management platform ensures that sustainable value is created for all stakeholders.
The Board of Directors monitors the implementation of risk strategy, approves the risk acceptance criteria while ensuring that risks
are managed within tolerance level.

RISK GOVERNANCE

1 2 3 4
RISK RISK EVALUATION & RISK MANAGEMENT MONITORING &
IDENTIFICATION MEASUREMENT & RESPONSE REPORTING
Adequate and timely Risks are evaluated Mitigation plans are Clear and concise risk
risk identification to in terms of their deployed and tracked reporting requirements
ensure that risks are qualitative and against predetermined developed to put
appropriately quantitative impact. timelines with the management and the
categorized. necessary escalation BoD in a position of
processes in place making effective and
timely decisions.

The Bank’s comprehensive and integrated risk management governance structure consists of Board and management sub-
committees, with varying areas of responsibilities, in order to maintain sustained focus on monitoring and governance over differing
categories of risk within the following risk universe:

Allied Bank’s Risk Universe

Credit Market Operational Liquidity Capital Strategic Technology Reputational

Risk Risk Risk Risk Adequacy Risk Risk Risk
Risk
Risk that the Risk of a Risk of direct Risk that Risk that the Risk of an Risk arising Risk to the
Bank will potential or indirect the Bank is Bank has adverse from non Business
incur losses decrease in losses unable insufficient impact on -availability of caused by
owing to the stakeholder resulting from to meet its capital to strategic IT systems negative
failure of an s’ inadequate or financial support its goals. and Cyber effects, public
obligor or value due failed internal liabilities as growth or is threats perceptions
counterparty to Processes, they fall not able to disrupting and customer
to meet its adverse People, due. meet the Bank’s opinions and the
obligation to changes in Systems or statutory operations. damage
settle market external defined capital caused to the
outstanding prices events. requirements. Brand by failure
amounts. and rates, to manage
negatively Public
impacting Relations.
assets and
liabilities.
RISK & OPPORTUNITIES
Risk and opportunities and the related mitigating factors are summarized below;
Risk Key Source of Risk Mitigating Strategy Impact Area
Credit Risk Sovereign credit risk • Oversight is kept through guidance of Board of Directors and its Financial
on exposure to Public sub-committee “Board Risk Management Committee” as well Capital
sector enterprises (PSE) as through management committee of “Risk Management &
Compliance Committee (RM&CC)”.
• Public sector advances are generally secured by sovereign
guarantee or the equivalent from the Government of Pakistan (GoP).
• Certain PSEs have a well-defined cash flow stream and appropriate
business model, based on which the lending may be secured
through collaterals other than GoP guarantee.
Credit Risk Counterparty credit risk • Bank’s Risk Assessment and Management System (RAMS) uses Financial
on exposure to Private risk rating models, based on qualitative and quantitative factors, to Capital
sector advances and assign credit risk ratings to various categories of borrowers.
Interbank limits. • Credit worthiness of borrowers is analyzed on work-flow based
RAMS, with focus towards balanced assessment of credit risk and
identification of related proper mitigants.
• In respect of interbank borrowers, the Bank maintains eligibility
criteria that links exposure limits to counterparty credit ratings
(minimum credit rating of ‘A’)
• Concentration risk is monitored with obligor, group and sector
exposure limits and risk profile benchmarks.
• Automated ‘Watch-List’ categorization system facilitates to identify
deterioration in quality of loans.
• Country risk, exposure limits are in place that broadly captures direct
exposure on sovereigns and exposures on foreign domiciled counter
parties; limits linked to the sovereign ratings.
• Specialized team comprising engineers and industry experts
conducts technology assessments of obligors’ plant & machinery
and reviews the technical feasibility of projects and valuation reports.
Market Risk Risk associated with • Oversight is kept through guidance of Board of Directors and its Financial
fluctuations in interest sub-committee “Board Risk Management Committee” as well as Capital
rates, foreign currency through management committee – “Asset & Liability Committee
rates, credit spreads, (ALCO)”.
equity prices and • Comprehensive structure is in place aimed at ensuring that the
commodity prices Bank does not exceed its qualitative and quantitative tolerance for
market risk.
• Balanced approach towards risk taking in the market risk area while
keeping exposures within the defined risk acceptance criteria.
• Tools like Value at Risk methodologies, sensitivity measures, intraday
exposure limits, notional limits and loss triggers are monitored at a
detailed portfolio level.
• Extensive stress testing is performed to capture and report the multi-
dimensional aspects of market risk using automated solutions.
Operational Risk of inadequate / • Oversight kept through Board of Director’s sub-committee “Board Financial
Risk failed internal processes Risk Management Committee” as well as through management Capital
and losses caused by sub-committee of “Risk Management & Compliance Committee
external events. (RM&CC)”.
• BOD approved Operational Risk Policy
• Detailed documented procedures
• Adequate system of internal controls designed to keep operational
risk at appropriate levels
• Business Continuity Policy and Plan driven towards ensuring
provision of un-interrupted banking services in case of any
unforeseen emergency and/or natural calamities.
• Disaster recovery and evacuation plans were tested successfully
during the year.
• IT disaster recovery plans are tested on ongoing basis.
• Insurance coverages are in place for theft and damage to physical
assets.

Risk arising due to • Board of Directors’ oversight along with its sub committees “Human Human and
the unauthorized or Resource and Remuneration Committee” as well as through Intellectual
inappropriate employee management committees of “Human Resource Committee” and Capital
activity and failure to “Central Administrative Action Committee”.
adhere to staff policies • Recruitment, pre-employment screening, employer feedback/exit
interviews.
• Proactive staff engagement.
• Strong staff development programs in place combining e-learning,
in-house and external trainings programs.
• Insurance coverages are held for fraud and fidelity incidents.
• Whistle blowing mechanism is in place.

Risk arising from • Independent Compliance Group to ensure compliance with specific Financial
non-compliance regulatory requirements. Capital
with statutory and/or • Compliance Policies and procedures are in place.
regulatory provisions
applicable to the Bank
Liquidity Risks emanating • Oversight kept through Board of Directors and its sub-committee Financial
Risk from nature of the “Board Risk Management Committee” as well as through Capital
Banking business, management committee - “Asset & Liability Committee (ALCO)”.
from the macro factors • ALCO oversees the activities of treasury, which operates in terms of
exogenous to the an approved ALM policy.
Bank as well as from • Well-defined ALM triggers / limits, exposures against which are
internal financing and regularly monitored by ALCO.
operational policies. • Detailed Recovery Plan is in place which highlights the strategy
and critical tools for effective monitoring, escalation, planning,
and execution of recovery actions in the event of a financial crisis
situation.
• The Bank performs liquidity stress tests as part of its liquidity
monitoring activities regularly.
• Periodic gap analysis to re-profile the earning asset mix in
accordance with interest rate expectations as well as keeping asset
and liability mismatch within acceptable limits.
• Maintenance of appropriate marketable securities portfolio that can
be realized in the event of liquidity stress.
Capital Undertaking higher risks • Oversight kept through Board and its sub-committee “Board Risk Financial
Adequacy in view of more volatile Management Committee” as well as through management sub Capital
Risk and competitive financial committees of “Risk Management & Compliance Committee” and
markets. “Asset & Liability Committee (ALCO)”.
• The ALCO assesses capital adequacy on a quarterly basis, including
a historical and future capital positioning review and stress tests and
reports regularly to the BRMC.
• The Internal Capital Adequacy Assessment Process (ICAAP)
Framework is updated and reviewed annually.
• Policy of sufficient profit retention.
• Periodic extensive stress testing activity in line with SBP
requirements.

Strategic Improper • Oversight kept through Board of Directors’ and its sub- committee Financial
Risk implementation of “Strategic Planning & Monitoring Committee” as well as through Capital
decisions, or lack Management Committees namely “Management Committee”
of responsiveness (MANCO), “Risk Management & Compliance Committee” (RM&CC)
to evolving industry, and “Asset & Liability Committee” (ALCO).
economic or • Rolling 10-year strategic plan which is reviewed on annual interval
technological changes. basis along with operational plan to account for the evolving
economic and business dynamics; duly in consideration of the peer
banks
• The impact of events on the future direction of the business and
forecast results is constantly monitored and quantified.

Technologi- Risk arising from non- • Oversight kept through Board of Director’s sub committees Financial
cal Risk availability of IT systems, “E-Vision Committee” as well as through “IT Steering Committee” Capital
and disruptions due to (ITSC).
Cyber threats. • IT planning is conducted as part of the Bank’s strategic and
operational planning process.
• Systems audits, IT Security & Risk Assessments are performed for
system before deploying into production environment.
• Significant ongoing investments in systems and processes to protect
customer databases through robust information security (Info-sec)
platform
• Info-Sec’s Security Operation Center utilizes Security Incident and
Event Management (SIEM) solution to proactively monitor and
respond to security threats.
• Countermeasures against cyber threats included regular penetration
testing and vulnerability assessment.
• Continuous awareness programs for customers about cyber threats.

Reputation- Risk arising from any • Oversight kept through Board of Directors’ sub committees “Board Social and
al Risk action or inaction Risk Management Committee” as well as through “Management Relational
perceived by any Committee (MANCO)”. Capital
stakeholders to be • Formal customer grievance redressal policy, including policy and
inappropriate, unethical procedures on receiving customer complaints and resolution
or inconsistent with mechanism.
the Bank’s values and • Timely and efficient communications among all stakeholders.
beliefs. • Policies and procedures in place for securing digital payments
including protection of customers’ data