The company that I have chosen is Emirates NBD where I’m currently working in. The company has achieved successful improvement in credit card department in last year with a successful upload 10,000 cards during year end. It had reached the highest ever card sales however the company has decided to go a step further by increasing its target upload of credit card 15k in month of February. This increased proficiency at the front office of the bank where customers made their credit card applications. Then, these extended to banks operational and processing units, and finished when the customer received their new card through the client’s associate business. Delivering customer service excellence was strategically important to this client’s, so helping them achieve it was strategically good for bank. And best of all, it meant happier customers who got their credit cards faster keeping risks control checked .In the long run too bank wants to continue with the customer service excellence. Since the recent credit crisis which had taken place internal control of the department have been monitored extensively so that it does not affect with its target for the month. The case will critically analyze the risk management framework of the banks and the risks that bank typically faces.
About the company
The bank one of the leading ones in 2007 was formed in a merger between emirates bank international (EBI) and national bank of Dubai (NBD). It is a market head across many business positions and the foremost retail banking franchise, having more than 200 branches across the country and abroad. The bank is also a leading player in the corporate banking field. With fast increasing banking associated entities, huge investment and banking services and a control in the field of asset management products and brokerage services. It is well placed to grow and deliver exceptional value to its shareholders, customers and employees. The Group has operations in the UAE and other countries. (Emirates NBD Bank PJSC, 2015)
Company structure ‘ The Board of Directors meets monthly and it consists of 9 well known members of the local business society, all leaders in their industries.The Board’s authorization covers a formal program consisting of on the whole strategy and management, corporate structure, sanction of the annual report, internal controls, financial reporting and controls agreement of dividends and group risk management.There are a number of non-executive directors on the Board and the Executive Team monitors the group performance and makes group decision within limits with the delegation of board of directors. Decision includes day to day running of the business, growth strategy. (Emirates NBD Bank PJSC, 2015)
Mission of the company
The mission of the company is making clients life easier by providing solutions that help them achieve their financial aspiration. They do this by staying constant, reliable and committed by providing access to banking and helping clientele making informed decisions about their financial needs. The companies take up any issues or complaints and ensure timely resolutions. The company wants to achieve long- lasting relationship with the consumers by providing them with the right products and services (Emirates NBD Bank PJSC, 2015)
Objective the company
The main objective of the bank is to improve shareholder returns and take lead of the selected growth opportunities which also includes delivering outstanding customer experience, structuring a high performance organization, driving core businesses, running an efficient organization and driving geographic expansion in accordance to the bank statement. (Emirates NBD Bank PJSC, 2015)
Key strategies bank is implementing to achieve its objectives:-
1) Providing outstanding customer experience :
‘ Through enhanced service and product assistance
‘ compel front line behavior change
‘ strengthening banks position as a market leader by means of best mobile banking services
2) Construct a high performing organization
‘ increasing local leadership ability
‘ Enhanced reward management
‘ persist on raising Employee Engagement point
3) Enhance core business
‘ compel benefit growth through the fast growing Retail license
‘ spread loans portfolio to comprise broader depiction of sectors and markets
‘ boost fee and commission income
4) Run an well-organized organization
‘ compel digital channel implementation to lesser transaction overheads
‘ build up strong risk and compliance background to meet improved regulatory standards
‘ rationalize method and procedures in key business units
5) Drive geographic expansion
‘ Complete systems incorporation in Egypt
‘ increase growth in present international markets by concentrating on trade and further opportunities
Key stakeholders in the company
Internal stakeholder – Staff and boards
External stakeholder – Shareholders, UAE regulators, clientele, foreign regulators, media, ranking agencies, forecaster and suppliers.
Other details: legal advisors, General public, accountant, investment banks, and other advisors.
Relationship between the business and the environment
The group makes it significant to attain its aim of generating long-term value for all stakeholders. Authority frameworks facilitate the Group to lessen risk with attaining its strategic objectives. Simplicity and responsibility are central to the business, making certain that the controls necessary for efficient risk management and correct revelation of information and regulatory fulfillment to the market are in place. The group encourages exceptional professional relationships both internally such as the Board, its group and its Management team externally i.e. with shareholders, regulatory bodies, the Central bank and the business the Group operates in. The Group abides by all global banking system, central bank rules and conditions. The group accurate risk and capital management fully abide by Basel II requirements and all operations comply with Anti Money Laundering laws. (Emirates NBD Bank PJSC, 2015)
Context of risk management framework overall in a bank and credit risk management
Brief Context of risk management framework in the bank
The framework defined by Group Risk Management for the management of risk across business functions considers:
a) Responsibility for promoting awareness of risk management.
b) Mechanism for assessing the state of risk management
c) Responsible for improving risk exposures
d) Mechanism for monitoring and reporting the state of risk management
1) Awareness ‘ training and communication
It is one of the key components for identifying and taking appropriate action to mitigate risks. Ongoing training and communication of the threats to the business are essential component of risk mitigation.
Group Risk management will
a) Promote an risk awareness culture
b) Ensure appropriately skilled resources are made available to support business
c) Provide risk training regarding legal and risk related issues.
2) Assessment- The assessment of risk is based on the identification of risk in the business , the impact and severity of those threats and evaluation of control: The Business Unit Management should ensure that
a) Risk is assessed within a formal risk management methodology
b) The inherent risk or business risk associated with the business functions and processes under their control are adequately addressed
c) The financial cost of controlling the risk is balanced
d) Procedures are in place to ensure the Group Risk Management is addressed when new risk is identified
e) Incidents of risk and losses are recorded
3) Improvement ‘ risk management is a continuous process. Business Unit Management must consider
a) The appropriateness of counter measures in place particularly the need for improved measure to address control failure or the relevance of measures in an over controlled areas
b) Ensure feedback from internal operational reports is effectively assessed and controlled
c) Procedures in place to ensure all critical systems are critically reviewed.
4) Monitoring and reporting ‘ the reporting process is critical to ensure that the control of the management of operational risk is maintained and that issues are escalated correctly.
a) At strategic level ‘ Group Risk Management should be informed by both the executive directors and senior management of any development in organizational strategy that may have significant effect on the risk associated with the group.
b) At operational level ‘ business unit heads with each business should be informed by its own management at the earliest possible dates regarding :
1) Significant proposed new or amended operating procedures , products , computer systems or application
2) Evidence or suspicion of material or potentially material internal fraud , employee dishonesty or any situation where deliberate or negligent employee conduct has compromised the security of company assets
3) Evidence or suspicion that a control weakness has placed company assets or resources at risk to external fraud or threat.
Brief context of the credit Risk management Framework in the Department
Credit risk is described as the possible loss due to the breakdown of an opposing party to meet its obligations to pay the Group within agreement terms. The Exposure arises from both the banking and business books. The risk is administered through a framework that puts out procedures and policies covering the extent and administration of credit risk. There is a clear separation of duties between transaction and approvers in the Risk job. The limits are agreed within a distinct credit approval authority. The Group administers its exposures following the standard of diversification across products, client, geographies, and customer segments.
Credit policies and Approvals – The credit policies and standards are considered and approved by the Group Risk Committee, who also supervises the delegation of credit approval and loan impairment provisioning authorities and the retail exposures are approved by group credit committee.
Credit monitoring (internal and external risk environment)
Internal risk management reports are presented to risk committees, containing information on key environmental, political and economic trends across major portfolios and countries.
The Banking Credit Issues Forum who derives its authority from the Group Risk Committee. They meet often to review the impact of external proceedings and development on the credit risk portfolio and to describe and implement response in terms of appropriate changes to underwriting standards, procedures and policies of risk.
Credit risk mitigation
Possible credit losses from any given, customer, account or portfolio are lessened using a range of tools such as netting agreements, collateral, credit insurance, derivatives and other guarantees.
Consideration of risk assessment
The general outline of risk management framework is a tradition way how the group manages its risks. However bank should have a well developed risk framework or assessment which will help the group to identify the risk profile. This intern will help the bank to apply risk management processes to lessen the risk. A brief suggestion or changes to risk assessment process it would help guide the bank in making better decisions in identifying the risks and mitigating. The risk assessment should provide a complete analysis of the risks in a short and prepared presentation, and should be communicated with all business lines across the bank, board of directors, management, and suitable employees also to be reduced to writing. The development of the risk assessment usually involves in identifying the exact risk categories such as the products, customers, services, and geographic locations which are unique to the bank and also perform a more detailed analysis of the information identified to better review the risk within these groups. Also credit risk management must be assessed so as to gain better investment decisions and these decision should be made by complementary the risk and returns.
Identification of risks
The first step is to identify the specific products, customers, services, entities, and geographic locations exclusive to the bank. Many attempts in money laundering and other illegal activities can emanate from various sources such as these and as such no risk is same hence bank should prepare a proper risk assessment. Various factors, such as the number and volume of transactions, geographic locations, and nature of the customer relationships, should be considered when the bank prepares its risk assessment. The expanded sections in this manual provide guidance and discussions on specific lines of business, products, and customers that may present unique challenges and exposures for ENBD which may need to institute appropriate policies, procedures, and processes
Products and Services
The number products and services offered may cause a higher risk of money laundering or terrorist financing depending on the nature of the specific product or service accessible. Some of these products and services are: Electronic banking, , asset management services , Private banking , Trade finance, , Foreign exchange and correspondent accounts and Special use or concentration accounts and Lending activities .
Customers and other organizations
At this stage it is essential that banks work out decision and neither defines all customer are having the same level of risk. Below mentioned are the specific customers and entities that can provide guidance and discussion:
1) overseas monetary establishment, including foreign currency services providers
2) Non banking financial institutions such as the casino and club cards
3) Non-resident applicant
4) Foreign organization and brokers,
5) Non-governmental organizations and charities
Recognizing geographic locations that may cause a higher risk and that bank should comprehend and evaluate certain risk associated with doing business which involves certain geographic location. High risk locations can be domestic or international.
Analysis of Specific Risk Categories
This step gives group a better understanding of the risk profile in order to expand the suitable policies and procedures to lessen the on the whole risk. Particularly, the analysis of the information the bank should consider the following factors:
1) The nature of the account
2) Account activity of the customer
3) Location of the customer
4) Products and services that are used by the applicant
Implementing design control on the risk
The group should have a necessary risk control program to monitor these risks which was identified by the risk assessment. banks need to understand the exposure and develop procedures and policies to mitigate the risk of the categories of risk identified above .internal audit should review the banks risk assessment and also to promote staff training to provide awareness on risks involved in the bank . Those that contain a higher risks should have a more vigorous risk control program and to be monitored by the board.
Risk Treatment ‘ the options for risk treatment
1) avoid the risk by not starting or discontinuing the activity
2) accepting the level of risk in return the business unit
3) reduce the risk by changing the consequence or likelihood through improved or additional controls
Below is the risk tolerance and ratification:
Risk exposure Total exposure Risk acceptance Acceptance rectification
high Above 25 million Business line member Board and GRC
medium Below 8 million Business line member Head of group risk
low Below 1 million Head of business unit Head of group risk
Risk communicating and reporting
Which includes notification and emerging risk, issues and incidents, within a unit to Group risk and to the respective committees and is conducted on a periodic and formal basis. It ensures that risk is treated appropriately and accountability is assigned and understood.
Risk monitoring and Review
The overall responsibility of managing risks resides with the board of the director. To ensure consistency and prudent management of risks the responsibilities have been subdivided between governance bodies of the organization:
1) The board risk committee (BRC) ‘ defining the overall governance of operational risk of behalf of the board of director
2) The group risk committee- an oversight body for operational risk at the organizational level.
3) Group operational risk ‘ defining group wide framework for the management of operational risk
4) Business , support and control function ‘ responsible for the identification , measurement , daily management
5) Group internal audit ‘ reviewing the adequacy of the operational risk framework.
Principles of managing risk
These groups follow the guidelines in managing the risks:
a) The risk is owned and directed by the business and support functions
b) All employees with supervisor responsibility ensure effective management of risk with the scope of their organizational responsibility.
c) Each staff has the responsibility to prevent , identify and report operational risks
d) risk is managed in a transparent manner and positive risk reward basis
Risk assessment techniques
Below is the risk matrix for the calculation of the risks and hence a risk registered is prepared
Severity level Consequence type
Financial Health and safety Legal risk reputation
HIGH >100 M Severe effect in workers’ health medical help required for >20 ppl Critical losses due to legal changes Major loss in reputation
MEDIUM <8M low effect in workers’ health medical help required for >10 ppl Major Losses due to legal changes Significant media concern
LOW <1M No medical treatment required Less legal issues Minor media concern
narrative Probability score amt
High More Likely to occur >80% 3
Medium Could happen >40-80% 2
Low Less likely to occur <40% 1
Impact High 3 3 6 9
Medium 2 2 4 6
Low 1 1 2 3
1 2 3
Low/ less likely to occur Medium/ Could happen High/ likely to occur
narrative situation Score amt
H Very serious malfunction that involves important rework, alteration or re-examination 3
M Serious malfunction that causes added work and re-examination but restrain able 2
L Marginal Cause has some effect which requires rework or re-examination but easily dealt with 1
Risk Category & Action plan
Very serious Risks – directly supervise and development of back up plans
Serious Risks – observe and supervise to lessen specific risk
Minor Risks less risk managed by supervisor lesser impact