The Bank faces various risks arising from its day-to-day operations. Managing risk is therefore a core activity within the Bank. The key to effective risk management is a process of on-going identification of significant risk, quantification of risk exposure, action to limit risk and constant monitoring of risk.
The Board of Directors is ultimately responsible for the Bank’s risk management framework and ensuring that satisfactory risk management processes and policies for controlling the Bank’s risk exposure are in place. The Board allocates risk management of subsidiaries to the relevant subsidiary. For the parent company (the Bank) the Board sets the risk appetite, which is translated into exposure limits and targets monitored by the Bank’s Risk Management division.
The CEO is responsible for sustaining an effective risk management framework, policies and controls as well as maintaining a high level of risk awareness among the employees, making risk everyone’s business.
The Bank’s Risk Management division is headed by the Chief Risk Officer. It is independent and centralized and reports directly to the CEO.
The Bank operates several committees to manage risk. The Board Audit and Risk Committee (BARC) is responsible for supervising the Bank’s risk management framework, risk appetite and internal capital adequacy assessment process (ICAAP). The Asset and Liability Committee (ALCO), chaired by the CEO or his deputy, is responsible for managing the asset-liability mismatch, liquidity risk, market risk and interest rate risk, and capital management. The Underwriting and Investment committee (UIC) decides on underwriting and principal investments. The Bank operates four credit committees: The Board Credit Committee (BCC) which decides on all major credit risk exposures; the Arion Credit Committee (ACC) which operates within limits specified as a fraction of the Bank’s capital; and the Corporate Credit Committee (CCC) and Retail Branch Committee (RBC) which operate within tighter credit granting limits. There are also five valuation committees whose role is to establish criteria for estimating collateral and also to inspect valuations of securities owned by the Bank.
The most significant risks the Bank is exposed to are credit risk, including concentration risk, liquidity risk, currency risk, interest rate risk, legal risk and operational risk. The Bank’s Pillar 3 Risk Disclosures 2014 report discusses risk factors and risk management in detail.
Internal capital adequacy assessment process
The Bank carries out an Internal Capital Adequacy Assessment Process (ICAAP), with the aim of ensuring that the Bank has in place sufficient risk management processes and systems to identify, manage and measure the Bank’s total risk exposure. The ICAAP is aimed at identifying and measuring the Group’s risk across all risk types and ensure that the Group has sufficient capital in accordance with its risk profile. The Financial Supervisory Authority (FME) supervises the Group, receives the Group’s internal estimation on the capital adequacy and sets capital requirements for the Group as a whole.
The Group is subject to capital requirements which are specified by the FME following the Supervisory Review and Evaluation Process (SREP). The Group’s capital base exceeds the FME's SREP requirements.
Credit risk is defined as the current or prospective risk to earnings and capital arising from the failure of an obligor to discharge an obligation at the stipulated time or otherwise to perform as agreed. Loans to customers and credit institutions are by far the largest source of credit risk.
Strong and improving mortgage portfolio
Mortgages are a core product for Arion Bank. The mortgage portfolio represents 37% of the total loan portfolio at the end of the year, up from 12% since the end of 2010. The key to the growth of the mortgage portfolio was the acquisition of a mortgage portfolio from Kaupthing in 2011 and the settlement of the Drómi bond in 2013, coupled with strong organic growth via new mortgage lending. The Bank has been at the forefront of the mortgage market, offering for example, non-indexed mortgages in ISK. At the end of 2014 non-indexed mortgage loans represented 24% of the mortgage portfolio, the remainder being CPI-linked loans.
The quality of the mortgage portfolio has been steadily improving with lower average loan-to-value and a reduction in default rates. Higher default rates among loans in the Drómi transaction did, however, raise the average mortgage default rate in 2013.
At the end of 2014, 68% of the mortgages, by value, had loan-to-value below 80% compared with 61% at the end of 2013. The great majority of mortgage property is located in the Greater Reykjavík area or 74% of the portfolio value.
Well diversified loan portfolio
Loans to customers are well diversified. Loans to individuals represent 50% of total loans to customers, of which 83% are due to mortgages. The corporate portfolio is mainly in three sectors: real estate and construction, fishing, and wholesale and retail trade, which represent 25%, 23% and 17% of the corporate portfolio respectively. Although sector diversification is good, some single name concentration remains.
Single name concentration decreasing
At the end of 2014 the Bank had two exposures to related parties that exceeded 10% of the capital base (so-called large exposures), compared with five large exposures at the end of 2013. As seen in the following diagram, the sum of large exposures, net of eligible collateral, fell from 87% of the capital base in 2011, to 24% in 2014. The sum of related exposures exceeding 2.5% of the capital base has also decreased – was 88% at the end of 2014 compared with 143% at the end of 2013. The largest exposure to a group of related parties at the end of 2014 was ISK 25 billion before accounting for credit risk mitigation of eligible collateral.
Collateral coverage of loans to customers
The collateral obtained by the Bank is typically mortgages over residential properties, charges over commercial real estates, fishing vessels and other fixed and current assets, such as cash and securities. The Bank places emphasis on collateral maintenance, valuation and central storage of collateral information. At the end of 2014 loans to customers (gross value ISK 674,189 million) are secured by collateral valued at ISK 457,581 million, giving a collateral coverage ratio of 81%, but as shown in the following diagram this ratio varies between different sectors. Collateral held at year end is primarily real estate, making up 73% of total collateral.
Loan book quality is steadily improving
The Bank defines Problem loans as loans that are more than 90 days past due and loans that are past due but individually impaired. The ratio of problem loans has steadily decreased since its peak in 2010 mostly due to the progress made in problem-loan restructuring and the resolution of the legal uncertainty surrounding FX loans. Approximately half of problem loans are 90 days past due but are not impaired due to sufficient collateral. Out of 4.4% of problem loans, 3.8% are secured by tangible collateral.
Operational riskOperational risk is defined as the risk of direct or indirect loss, or damage to the Bank’s reputation resulting from inadequate or failed internal processes or systems, from human error or external events that affect the Bank’s image and operational earnings. Reputational risk, IT risk and legal risk are among others, considered sub-categories of operational risk.
Each business unit within the Bank is responsible for taking and managing its own operational risk. The Bank’s Operational Risk department is responsible for developing and maintaining tools for identifying, measuring, monitoring and controlling operational risk.
- Loss Data Collection
- Risk and Control Self-Assessment
- Key Risk Indicators
Loss data is collected, analyzed and recorded by Operational Risk as well as data which could have resulted in a loss. Serious events are analyzed more thoroughly to find a root cause and to devise ways of reducing the likelihood of such events reoccurring. The total amount of loss events in 2014 was ISK 245 million and the number of events was 994.
Key risk indicators are regularly monitored and these can indicate when risk is increasing and exceeding the risk appetite. Reporting to the senior management is based on factors such as loss data, the results of RCSA and key risk indicators.
The management of IT and data security is the responsibility of the Security Officer. With the number of channels to interact with customers greater than ever before and rapid technological developments, the potential for risk relating to data and IT security has increased. In order to respond to these changes the Bank has strengthened its efforts in managing data and IT security.
The Bank uses the Basel II Basic Indicator Approach to calculate the capital requirement for operational risk. The capital requirement for operational risk in 2014 was ISK 6,577 million.
MARKET RISKMarket risk is the risk that price changes and interest rate changes will affect the value and cash flow from the Bank’s financial instruments. The main types of market risk are interest rate risk, equity price risk and foreign exchange risk.
Interest rate risk is primarily related to the fact that in part of the balance sheet there is a mismatch between interest-bearing assets and liabilities and a gap in interest-fixing periods. Generally the value of the Bank’s fixed-interest assets is higher than the value of liabilities with the same interest-fixing period as the Bank is primarily funded with deposits. An increase in market interest rates would therefore have a negative effect on the Bank’s earnings. The Bank has reduced this risk by issuing covered bonds and by offering its customers loans with variable interest rates.
The net position of the Bank’s inflation-indexed assets and liabilities is ISK 85.1 billion. The indexation imbalance increased in 2013, primarily as a result of the Bank’s takeover of loans in connection with the Drómi bond. The increase in 2014 is largely due to the payment of structured covered bonds, but this is counterbalanced by the issue of new indexed covered bonds towards the end of the year.