Risk Management and Control Framework
Objective and Principles
The primary purpose of risk management is to ensure the Bank’s long-term financial sustainability and operational resilience while enabling the CEB to fulfil its social mandate. The Bank thus endeavours to implement international best banking practices and promote sound and prudent risk culture across all its business lines.
The Bank is not subject to external supervision, but it nevertheless considers the relevant EU banking regulation, the recommendations of the Basel Committee on Banking Supervision (BCBS) and international best banking practices as the reference for its Risk Management Framework.
The foundation of risk management at the Bank is ruled by the following principles:
- To develop and foster a sound risk culture across the whole organisation
- To establish a risk appetite as a strategic decision tool for monitoring its risk profile
- To strive to implement all relevant best banking practices
- To identify, understand and assess all material risks inherent to the Bank’s activities, products, funding sources and transactions on an ongoing basis.
As an overarching instrument, the Risk Management Charter defines the objectives and principles of risk management governance at the Bank ensuring that risks are managed in an effective and consistent manner at all times and in all the CEB’s products and activities. It also establishes the Risk Management Framework, ensuring consistency with international best practices and prudential requirements and oversight of the implementation of the risk policies for identifying, assessing, consolidating, reporting, monitoring and managing risk exposures.
The Financial and Risk Policy (FRP) approved by the Administrative Council covers the main risks confronted by the Bank in its regular course of business, namely Credit risk, Interest Rate risk, Foreign Exchange risk, Liquidity risk and Operational risk. This policy is developed in the FRP “Guidelines” and the FRP “Handbook”, a living document translating the FRP into operational details and presented regularly to the Credit Risk Committee for information. In addition, the Risk Management Framework is regularly subject to re-assessment.
On a quarterly basis, the Financial Risks division reports to the Administrative Council and the Governing Board about the CEB’s exposure to the main types of risks and compliance with the prudential framework as defined internally.
Likewise, CEB’s annual Financial Report of the Governor describes the risk management processes and practices. This report contributes to external risk reporting and is also filed with the U.S. Securities and Exchange Commission on Form 18-K.
The Directorate for Risk and Control (R&C) is responsible for implementing the Risk Management Framework within the CEB and is independent from other operational and business directorates, reporting directly to the Governor. The different divisions within the Directorate for R&C are dedicated to specific risk areas: credit, operational, market and liquidity risk.
The following decision-making committees, chaired by the Governor, are in charge of defining and overseeing risk management policies:
- The Credit Risk Committee (CRC) meets on a weekly basis and takes credit decisions in relation to lending and treasury exposure, based on internal credit risk assessments and recommendations.
- The Asset & Liability Committee (ALCO) meets on a monthly basis (or more frequently when necessary) to formulate strategic orientations and address, on a forward-looking basis, interest rate, foreign exchange rate and liquidity risk. Additionally, a Special ALCO addresses Asset & Liability Management and funding issues on a quarterly basis.
- The Committee for Operational Risks & Organisation (CORO) reviews operational risk issues on a semi-annual basis and ensures that measures are taken to mitigate, monitor and control these risks.
Controlling Bodies
Internal Audit is a permanent, autonomous body within the CEB’s internal control system and risk governance. It provides independent and objective assurance of effective and controlled businesses, operational activities and performance in compliance with existing policies, procedures and best practices. It also proposes recommendations for potential improvements of CEB’s operations.
The Office of the Chief Compliance Officer (OCCO) is tasked with addressing money laundering / financing of terrorism and tax evasion risks, as well as integrity, corruption and fraud issues. OCCO safeguards the Bank’s integrity in its financial and loan operations, prevents reputational risks and promotes ethical business standards.
The Chief Information Security Officer (CISO) defines the Bank’s security policy by designing the security framework and developing processes across the CEB to reduce information and information technology (IT) risks.
In terms of external reporting, the External Audit is responsible for auditing the Bank’s financial statements according to IFAC professional auditing standards and for reviewing its internal control and risk management processes. The external audit drafts various reports, including the Opinion Report. It is appointed by the Governing Board for a four-year term and renewable once for a three-year term, following a tender procedure, based on the Auditing Board’s opinion and recommendations by the Administrative Council.
Additionally, the Bank is assessed by international rating agencies, namely Standard & Poor’s, Moody’s and Fitch Ratings, which annually perform in-depth analyses of the Bank’s financial situation and long-term creditworthiness, and provide an annual rating.
Owing to its excellent rating (AAA with Standard & Poor’s, outlook stable; AA+ with Fitch Ratings, outlook stable; and Aa1 with Moody’s), the Bank raises its funds on competitive terms, thus enabling its borrowers to significantly reduce the cost of the loans they take out to finance social projects.