Pillar III report 2017

Transcription

1 Sbanken PILLAR III REPORT 2017 Pillar III report 2017 sbanken.no 1

2 Page Content Introduction, Capital Adequacy, Regulatory requirements Capital management ICAAP stress tests Risk management, Organisation of risk management Risk areas Credit risk Market risk Liquidity risk Operational and compliance risk Strategic and commercial risk, Remuneration, Status exposure 31 December INTRODUCTION In this report, Sbanken ASA provides information about risk and capital management in accordance with the requirements governing publication of financial information pursuant to the Capital Adequacy Regulation, and with reference to Sbanken s investor relations policy which is published on the Bank s website. This document has been prepared in order to provide the market with information about Sbanken s risk and capital management. This document is updated each year in connection with the preparation of the annual report, while information on capital adequacy and minimum requirements for regulatory capital is updated each quarter and presented in a separate Annex. 2. CAPITAL ADEQUACY 2.1. Regulatory requirements Capital adequacy is defined as follows: Regulatory capital Capital adequacy = Risk weighted assets Regulatory capital can be split into the following capital categories: CET1/Core Tier 1 Capital instruments classified as equity in the financial statements Other Tier 1 Capital for example perpetual bonds Tier 2 Capital for example subordinated loans The terms required for equity instruments to qualify as regulatory capital are stated in of the Calculation Regulation (Norw. Forskrift om beregning av ansvarlig kapital for finansinstitusjoner, oppgjørssentraler og verdipapirforetak). The Calculation Regulation also states the rules for deductions from and additions to regulatory capital. calculation basis for operational risk. At the end of 2017 Sbanken ASA had no exposure included in the risk weighted assets for market risk. The requirements for capital adequacy comprise a minimum requirement of 8 per cent. In addition, there are requirements for a capital conservation buffer, systemic risk buffer, buffer for systemically important institutions and a counter-cyclical capital buffer. The buffer requirements can vary over time and will increase if a bank is classified as a systemically important institution. The minimum requirement for capital adequacy of 8 per cent must be covered by a minimum of 4.5 per cent CET1 Capital, and a minimum of 6 per cent Core Capital (CET1 Capital plus Other Tier 1 Capital). The buffer requirements must be covered by CET1 Capital. In June 2016 the Financial Supervisory Authority (FSA) issued Circular 12/2016 Finanstilsynet s (the FSA s) methodologies for assessing risk and capital requirements which describes the FSA s method for assessing institutions overall risk levels and accompanying capital requirements, and divides the banks into five groups based on size, complexity, scope and the degree of risk the banks represent for the financial system. Sbanken ASA is categorised in Group 2, cf. Circular 12/2016. This means that every two years the FSA will perform a detailed inspection and provide a formal response, unless specific conditions imply otherwise. The response will be based on Sbanken s filed risk and capital adequacy assessment (ICAAP) and the FSA s risk assessment. Based on Sbanken s ICAAP , the Bank received a risk and capital adequacy assessment from the FSA in December 2016 in which they set an individual Pillar 2 requirement for the Bank of 1.2 per cent to cover risks not provided for or only partly provided for by Pillar 1 requirements. Risk weighted assets stipulate a risk-weighted exposure amount calculated in accordance with the Capital Requirements Regulation (Pillar 1). The calculation basis comprises the following components: Credit risk Operational risk Market risk The requirements governing capital adequacy for banks are laid down in 14 1 of the Norwegian Finance Institutions Act. Sbanken ASA uses the standard method to establish the calculation basis for credit risk and the basic method to establish the Figure 1 CET1 regulatory minimum 1.2 % 2.0 % 3.0 % 2.5 % 4.5 % % Pillar 2 Countercyclical buffer Systemic risk buffer Conservation buffer Minimum equity ratio 2 3

3 2.2. Capital management Sbanken ASA s capital management procedures are designed to ensure that the Bank s capital remains within the limits set by the Board of Directors. The Bank shall have sufficient capital to ensure that the Bank can fulfil its commitments as well as have sufficient capital to be able to take the risks necessary to earn a satisfactory return on capital and facilitating growth. The Bank s solvency must be unimpeachable; however, it is necessary to strike a balance between high capital adequacy levels and return on equity. In order to achieve this balance, the Bank has established targets for capital adequacy, along with principles for measurement, management and ongoing control of the Bank s capital adequacy. The Bank is exposed to a number of inherent risks with respect to capital adequacy, including: Changes in the regulatory framework for capital; Changes in public policy which result in specific amendments to the Bank s capital requirements; The impact of the macroeconomic environment on the Bank s credit risk profile; Internal factors such as operational errors in cal culating and projecting required capital or being unable to implement the business plan due to internal and/or external factors. The Bank takes a number of mitigating actions with respect to capital risk, including the following: The Bank manages capital according to a risk appetite and policy framework approved by the Board of Directors, including risk limits that are monitored and reported to management and the Board of Directors. Central to this framework is ICAAP, by which all the risk factors the Bank is exposed to are measured, and capital is allocated for each risk factor. This process ensures that the Bank is adequately capitalised. The Bank carries out a number of stress tests with the aim of ensuring that the Bank is able to operate within its risk appetite, including in stress situations, further described in chapter 2.3 below. The Bank has contingency plans to ensure that the Bank is able to handle a stress scenario in which its capital adequacy deteriorates. The Bank s capital planning takes into account regulatory requirements. The Bank operates a rigorous investment planning and approval process with the objective of ensuring that the Bank s investments are aligned to delivery of the Board of Directors strategy and risk appetite. The Asset and Liability Committee (see section 3) also reviews the execution of these plans on a regular basis. Sbanken s Policy for Capital Adequacy describes the Bank s ICAAP (Internal Capital Adequacy Assessment Process). The ICAAP forms the basis for the assessment of future capital requirements and opportunities to pay dividends. The process ensures that the Bank maintains sufficient capital adequacy based on the risk to which it is exposed, cf first para of the Norwegian Finance Institutions Act. The FSA can also instruct the Bank to maintain more capital than the minimum requirement for capital adequacy pursuant to 14 6 third para of the Norwegian Finance Institutions Act. Figure 2 Annual cycle for ICAAP ICAAP reviewed by Board of Directors Capital planning The evaluation of future capital requirements in the ICAAP report is aligned with the business plan, including the growth strategy, dividend policy and potential new equity issues. The purpose of evaluating future capital requirements is to ensure that the Bank is able to maintain the established levels of capital adequacy during the entire planning horizon covered by the business plan. The management target for capital adequacy shall primarily be established based on the following processes/methodology: 1. Aggregate capital requirement: the Board of Directors assessment of the capital requirements necessary to cover minimum requirements for capital adequacy (Pillar 1), risks that are not covered by statutory requirements (Pillar 2), and capital requirements to cater for flexibility, growth and other considerations. 2. Testing the targets for capital adequacy under stress: the targets shall be high enough to ensure that the company, after responding action has been taken, remains within the regulatory capital requirements in a hard stress scenario (Pillar 2). At the end of 2017, the Bank had a core Tier 1 capital ratio of 14.7 per cent and total capital ratio amounting to 18.1 per cent while the target for core Tier 1 capital ratio was 13.5 per cent and 17 per cent for total capital ratio. Sbanken had a leverage ratio of 6.1 per cent at the same time. Figure 3 Sbanken ASA s capitalisation % 500 CET 1 capital available for Pillar 2 requirements and future capital requirements 2.7% % Group s capital planning. The existing framework covers significant risks the Group is, or may be, exposed to and shows projections of the Bank s capitalization and liquidity position in scenarios covering significant macroeconomic stress. The stress test is based on three scenarios, where the Base case scenario corresponds to the Bank s financial plan. Medium stress and Hard stress show the Bank s performance in two scenarios with different degrees of deteriorating macroeconomic environment. Given implementation in 2018, the IFRS 9 standard has been taken into account in the scenarios. The medium stress scenario in ICAAP corresponds to the negative IFRS 9-scenario and is given a 20 per cent weight when estimating expected loss within the IFRS 9-framework. The ICAAP hard stress scenario provides a significantly stronger negative shock and shall ensure that the capital level is sufficient to withstand a period of unexpected losses. Given Sbanken s portfolio, consisting of over 90 per cent exposure to immovable property, the development in house prices and unemployment is likely to have the most impact. A reversed stress test is also conducted to substantiate what levels of stress the Bank can tolerate before breaching minimum capital requirements. The hard stress scenario in the 2017 stress test includes weak economic performance internationally and a sharp downturn of national GDP which substantially increases the unemployment rate. Housing prices are assumed to fall by 30 per cent in 2018 and 7 per cent in National GDP is reduced by 2.5 per cent and 2.3 per cent in 2018 and 2019, respectively. The unemployment rate increases from 4.3 per cent in 2017 to 8.3 per cent in Figure 4 ICAAP stress tests - scenarios Pillar 1 risks and capital Pillar 2 risks and capital Base case Stress case Capital requirements and capital plan Annual evaluation of contingency plan Independent evaluation of ICAAP November December January February Minimum CET1 of 12.0% NOK ~4.0 bn. required Base case Medium stress Hard stress Change Housing prices -4.8% -1.2% 1.2% -8.2% -7.8% -3.1% -30.0% -7.0% 0.0% GDP-growth 1.8% 2.2% 2.3% -1.4% -0.6% 3.6% -2.5% -2.3% 1.0% Unemployment level 4.1% 4.0% 3.9% 4.8% 6.6% 6.5% 7.0% 8.3% 7.0% Credit growth 6.3% 6.1% 5.9% -1.0% -0.5% 1.5% -2.0% -2.5% 1.0% Annual evaluation of frameworks and targets Strategy and budget process If necessary, any revision of ICAAP based on half-year figures October September August July June May March April CET 1 Tier ICAAP stress tests Tier 2 Total Capital Stress tests are performed at least once a year in connection with the ICAAP process and is presented to the Board. The stress tests form the basis of the The Bank s performance is simulated over a period of three years. Despite households deleveraging in the hard stress scenario, the Bank is able to maintain growth through Increased spread levels are estimated to increase funding cost and reduce lending margins. As a result, the loss on the liquidity portfolio is close to 3 per cent of the portfolio in The Bank will have a negative result in 2018 before achieving positive results again in 2019 and

4 Without taking any extraordinary measures, the maximum reduction of CET1 in the period is 1.9 per cent, well within the capital conservation buffer of 2.5 per cent. Leverage ratio will be above 6 per cent over the entire period. The stress test shows that the Group is able to handle a significant macroeconomic setback. Depending on the prevailing market conditions, measures including repricing and reduced growth can be effectuated to cushion the reduction in CET1. 3. RISK MANAGEMENT The Bank shall adopt a holistic approach to risk management. The following principles therefore apply: The Bank s specifications for risk appetite shall be translated into specific risk management frameworks. Each risk area shall be allocated capital in line with its actual risk status, which in turn shall be tailored to the Bank s risk appetite. Risk management and reporting shall be performed in accordance with the abovementioned frameworks and objectives. The Bank s risk management systems and procedures shall be appropriate to the complexity of the business. Risk management shall be an ongoing and continuous process. Risk reporting shall be framed in an understandable manner and provide a clear picture of the Bank s risk situation to all stakeholders. Risk management shall be performed across Group companies, at all levels within each individual Group company, and for the Group as a whole. The Bank shall assume only those risks that are understood by the Bank and the individual decision-maker. Responsibility for entering into agreements that cause the Bank to incur a risk is delegated through personal authorisations. Efforts shall be made to achieve as great a concordance as possible between risk and profitability. Profitability shall be measured individually (at the customer and exposure level), with respect to subportfolios/segments/ departments and for the Bank as a whole. Profitability shall be measured on a risk adjusted basis, and on the basis of financial capital allocated. From 1 January 2017, Sbanken adopted a revised framework for defining and implementing the desired risk appetite in its risk management. The revised framework is an important factor in ensuring that risk taking in the business is in accordance with the risk appetite as defined by the Board of Directors Organisation of risk management Three lines of defence The Bank s organisation is based on its risk management and internal control principles, and is designed such that it ensures that the Bank s risk strategy is implemented. The Bank s framework for internal control and risk management consists of three lines of defence, which constitute the organisational model for the Bank s risk management, risk control and compliance. The first line of defence includes all categories of employees and management of the Bank (except second-line employees). The first line performs risk assessments and implements risk controls that enable the Bank to operate within the risk framework and risk appetite defined by the Board of Directors. First line is considered the risk owner, i.e. the party responsible for monitoring and implementing control activities. The second line of defence consists of two independent control functions the Risk Management function and the Compliance function that monitor and check that the Bank is operating within its risk limits and relevant laws and regulations. The third line of defence consists of the internal auditor, who is responsible for independent testing of risk management procedures. The function is independent in that the internal auditor is appointed by the Board of Directors. The function reports directly to the Board of Directors. The organisational structure of the Bank aims to ensure clear responsibilities, risk ownership and independent risk reporting. Figure 5 gives an overview of the organisation of risk management. Figure 5 Organisation of risk management Risk Price and interest Board s Audit Management s Assets and liabilities Business units Board and sub-s Remuneration Credit Risk and compliance Board of Directors 1 st line of defence 2 nd line of defence Board of Directors and its sub-s The Board of Directors has the principal responsibility for ensuring that the Bank manages risk effectively, by approving the Bank s risk appetite and risk management framework, and by monitoring the Bank s aggregate risk exposure. The Board of Directors also ensures that the allocated capital to meet these risks within the operation fulfils the internal and external requirements. The Board of Directors is further respons ible for ensuring that management establishes and maintains an efficient system to plan and control operations and risks, and that operations are compliant with the relevant legal framework. In addition, the Board of Directors ensures that management provides regular and adequate feedback to the Board of Directors, enabling it to execute its monitoring duties and policy decisions relating to risk management. The Board of Directors s listed below are sub-s (all members of the sub-s are board members) that convene to prepare and recommend advice for the Board of Directors within their respective fields: Audit Committee: the Bank s Audit Committee monitors and secures the quality of financial reporting and the internal controls for financial reporting. It also evaluates the work and the independence of the external auditor. Risk Committee: the Bank s Risk Committee monitors and issues policy recommendations to the Board of Directors concerning management of the Bank s aggregate risk exposure. The Committee s mandate includes regularly assessing whether the Bank s internal control and management systems are appropriately adapted to risk exposure and the nature of the business, in addition to evaluating the work and independence of the internal auditor. CEO CRO Risk control Compliance Internal audit 3 rd line of defence Finance Treasury CFO 1 st line of defence Primary line of reporting Secondary line of reporting Legal External audit Remuneration Committee: the Bank s Remuneration Committee recommends the principles and parameters for the Bank s remuneration policy. It monitors compliance with the remuneration policy and makes recommendations to the Board of Directors on the outcomes for specified roles within the Bank. The Remuneration Committee assesses whether the Bank s remuneration policy creates incentives that are in conflict with the Bank s risk profile. CEO and management s The CEO has the principal operative responsibility for implementing risk management procedures and securing achievement of the Board of Directors adopted objectives, including efficient risk management and internal control systems. A number of advisory s have been established to support the CEO in the exercise of his/her responsibility for risk management: Risk and Compliance Committee: chaired by the Chief Risk Officer ( CRO ), the Bank s Risk and Compliance Committee reports to the CEO; it supervises the Bank s risk management and compliance programme and oversees the Bank s governance, risk and control frameworks. The Committee also regularly evaluates aggregate risk exposure, concentration risk, risk versus reward returns and compliance with the regulatory framework. Asset and Liability Committee: chaired by the Bank s CFO, the Bank s Asset and Liability Committee reports to the CEO and advises on the strategic management of the Bank s balance sheet and the risk management framework for all treasury risks: principally market, liquidity, capital and counterparty credit risks and associated earnings volatility. Credit 6 7

5 Product Pricing and Interest Rate Committee: chaired by the Bank s CFO, the Bank s Product Pricing and Interest Rate Committee reports to the CEO and reviews and suggests the pricing strategy and decisions relating to the Bank s products. Credit Committee: chaired by the Head of Credit, the Bank s Credit Committee reports to the CEO. The Committee evaluates current and future risk exposure and defines parameters for the granting of credit. The Risk Management function The Bank s Risk Management function is headed by the CRO and has three main areas of responsibility: Developing a framework and guidelines including development, maintenance, and validation of risk models, analyses of current and future risks, and preparing risk reports for management, the Board of Directors, and other internal and external stakeholders; Managing the applied systems and tools, including risk assessment and incident reporting, as well as coordinating the risk assessment process; Challenging the applied risk management The CRO is independent of those managers responsible for risk taking, and does not participate in decisions that directly relate to areas subject to monitoring and reporting. The CRO reports organisationally directly to the CEO, but is entitled and obliged to report directly to the Board of Directors if the Board of Directors does not receive sufficient information about significant risks via ordinary reporting. The CRO may not be given notice without the consent of the Board of Directors. The Compliance function The Compliance function is headed by the Chief Compliance Officer (CCO). The responsibilities of the Compliance function are executed under a compliance plan that sets out the planned activities. The programme includes, but is not limited to, activities such as compliance risk assessments, monitoring and compliance testing, reviewing implementation of specific policies and procedures, and compliance coaching and training. The compliance programme is approved by the Board of Directors. The function also supports and advises management and the business in general on compliance laws, rules and standards, including informing management and the Board of Directors of developments in the area, and supporting development routines and processes to secure compliance with relevant regulations. The CCO reports to the Board of Directors on matters of a professional nature, while reporting directly to the CEO on matters that are of a personnel-related nature. However, the CCO is always entitled and obliged to report on matters that represent a compliance risk to both the CEO and the Board of Directors. Internal Audit The Internal Audit function reports to the Board of Directors in accordance with the annual plan adopted by the Board of Directors, providing independent confirmation of the business internal controls Risk areas The Bank s risk strategy comprises a combination of its risk appetite, risk capacity and risk culture. The Bank s core business involves offering standard banking services in connection with deposits, savings, lending and payment transactions to private customers. The Bank shall not assume any material risk other than that deriving from maintaining and developing this core business, i.e. from risk areas with specified risk appetite. The Bank shall be a secure and solid bank for private individuals, and in the future for small SMEs. The Bank shall have a healthy risk culture, based on openness, transparency and competence, and shall constantly challenge its methods, processes and routines in order to improve its performance. Sbanken s Board of Directors determines the Bank s risk appetite with respect to the different categories, and issues guidelines to the business on how this risk appetite should be operationalised. The Bank operates in accordance with the following risk appetite: Figure 6 Risk appetite Risk area Credit risk Market risk Liquidity risk Operational risk Compliance risk Commercial and strategic risk Risk appetite Low to moderate Low Low Low to moderate Low Moderate Credit risk Credit risk is defined as the risk of loss resulting from a counterparty not fulfilling its obligations, and pledged collateral or other security not covering the outstanding claim. Market risk Market risk is the risk of loss due to unfavourable changes in market variables, such as interest rates, exchange rates and credit spreads. Liquidity risk Liquidity risk comprises the following two elements: refinancing risk, which is the risk of the Bank being unable to refinance its obligations as they fall due for payment, and price risk, which is the risk of the Bank being unable to refinance its obligations without a material increase in costs. Operational risk Operational risk is the risk of unexpected fluctuations in results which are attributable to inadequacies or failures in internal processes and systems, employees or external events. Compliance risk Compliance risk is the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities. Commercial and strategic risk Commercial risk is the risk that earnings will weaken, including changes in volumes, interest margins and other price changes associated with borrowing and lending, weakened net commission income and earnings that are insufficient to cover costs. The risk may arise as a result of cyclical change, competitive conditions and changes in customer behaviour, among other factors. Strategic risk refers to the long-term risk that arises as a result of erroneous or imperfectly conceived commercial decisions, poor or incorrect implementation of decisions, or inadequate sensitivity to changes in customer preferences, the regulatory system or the financial sector Credit risk Credit risk accounts for the bulk of Sbanken s risk. The way credit is managed depends on whether the credit risk is attributable to lending to the public in the form of the mass market or whether the credit risk relates to other exposures, in particular the placement of surplus liquidity. Sbanken s mass-market lending is in the form of loans made to individuals secured by mortgage, real estate, amortised loans, securities, or motor vehicle as well as unsecured personal loans, overdrafts and credit cards. Sbanken maintains surplus liquidity, which is invested in short-term lending and securities with counterparties and issuers such as the government, local authorities, institutional and commercial sectors. Risk profile Risk shall be weighed against returns and balanced so that the Bank remains within the specified risk appetite. Rules and tools for credit assessment shall ensure that the Bank avoids high-risk credit exposures. Credit risk outside the specified risk appetite shall not be taken on by the Bank, nor compensated by means of higher prices. Credit policy The Bank s credit policy describes principles, rules and frameworks, along with targets for management of credit risk in connection with lending to the mass market. The policy shall ensure that the Bank manages credit risk in accordance with applicable legislation and regulations, and that the strategy and management processes for credit risk are implemented and maintained. Furthermore, it shall secure appropriate quality of implementation and monitoring of the Bank s credit processes and ensure that credit management is consistent with the established risk appetite and approved credit mandates. The Bank is exposed to credit risk in its liquidity portfolio, and risk management, including measurement, monitoring and reporting, is laid down in the Policy for Credit Risk in connection with liquidity management and major exposures. The Bank is additionally exposed to credit risk (counterparty risk) in interbank transactions, derivative transactions and settlements of transactions that are also deemed to be covered by the Banks s liquidity management. Credit approval framework The credit approval framework defines the frameworks for granting of credit mandates to staff. The credit mandates are personal and differentiated by volume and position level. The Bank s Board of Directors has an unrestricted right to make decisions concerning credit exposures and shall always review major cases. Figure 7 Mandate level Mandate level Board of directors CEO Delegate Case handler 8 9

6 Credit assessment process Risk attaching to mass-market lending for all credit cases is managed by assessing the borrower s ability and propensity to pay, and by valuing any collateral. Account is also taken of the counterparty s aggregate exposure, including any exposure attributable to co-borrowers. Credit assessments are essentially performed by reference to automated credit procedures in which credit scoring represents a key element. Sbanken s automated credit decisions ensure a homogeneous loan portfolio where the quality is generally high. Risk classification/scoring models The Bank uses credit risk models to measure credit risk attaching to mass-market lending. Credit risk is classified and quantified using a number of different systems, processes and methods. Credit scoring models for all lending products are based on statistical data; however, some models also make use of expert evaluations. These models estimate the probability of defaults, taking into account factors such as payment history, income, assets and the number of borrowers. Losses on collateralised loans are estimated based on defaults, where the extent of losses is primarily based on the value of collateral in relation to the size of the loan. Credit risk is measured and monitored by calculating economic capital related to the lending portfolio. The main components for this calculation are probability of default (PD), expected exposure at default (EAD) and loss given default (LGD). PD is defined as the probability of a customer defaulting on his/her exposure during the next 12 months. This could include payment defaults of more than 601 days of a minimum of NOK 200 or other specific matters that affect the customer s ability to service the loan. PD for the residential mortgage portfolio is calculated using statistical models based on logistic regression of internal data. PD for the other products is calculated using a model based on external data that is calibrated for an internal product-specific PD. The following grouping is used to classify PD: Figure 8 Risk classification Low risk Probability of default < 1.25% Moderate risk Probability of default 1.25% - 5% High risk Probability of default > 5% Validation/stress testing The Bank validates its models on a yearly basis, and in connection with ICAAP stress-tests the portfolio s sensitivity to changed macro conditions Market risk Management of market risk is described in the Bank s Policy for Market Risk, which includes guidelines, frameworks and management targets established by the Board of Directors. The policy also describes organisation, allocation of responsibility and routines for monitoring developments, and compliance with guidelines. Market risk shall be managed at portfolio and transaction level, and the Bank applies quantitative frameworks to manage this risk. The Risk Management function is responsible for reporting risk to the Bank s Management, including management s and the Board of Directors, monthly and quarterly respectively. Sbanken is exposed to market risks such as interest rate risk, currency risk, share price risk and credit spread risk. Interest rate risk Interest rate risk is the risk of loss resulting from a general change in market rates due to different terms to maturity on the asset and liability sides of the balance sheet. The Bank shall have a low risk exposure within this area, and efforts shall be made to neutralise this risk such that changes in market rates do not affect the Bank s profit and loss. The fact that the Bank currently does not offer fixed-interest loans or fixed-interest deposits guarantees low risk exposure. Interest terms for lending and deposits at variable interest rates can be adapted to interest rates in the market at short notice (six weeks for residential mortgages and two months for deposits), as established in 18 and 50 of the Norwegian Act on Financial Contracts and Financial Assignments. Currency risk Currency risk is the risk of loss resulting from changes in exchange rates. If borrowing is to be undertaken in any currency other than NOK, hedging transactions shall be entered into, such that the exchange rate risk is minimised. Sbanken does not have lending or funding in foreign currency and thus has a low currency risk. Credit spread risk Credit spread risk is the risk that the value of interest-bearing securities will be reduced as a result of an increase in the margin for corresponding credit instruments in the market. The Bank calculates its exposure to credit spread risk in accordance with the methodology prescribed by the FSA (Circular 12/2016). The Bank s credit spread risk primarily relates to interest -bearing securities issued by local authorities and covered bonds. Share price risk Share price risk is the risk of loss resulting from a fall in share prices. The Bank has limited share price risk. Stress tests Sensitivity analyses shall be carried out on the Bank s market risk exposures each year. This shall as a minimum contain the following stress scenarios in which the Bank analyses the consequences of the Bank s results and capital in different events Liquidity risk The Bank s liquidity risk is managed through various frameworks and management targets established by the Board of Directors, as defined in the Liquidity Risk Policy. Frameworks and management targets at Sbanken are designed to enable the Bank to maintain a low risk profile. The contingency plan for managing financial crises describes the measures that need to be implemented in the event of a liquidity crisis. The actions taken in liquidity crises depend on the crisis escalation level. The Treasury department is responsible for operational liquidity management and for managing liquidity risk so that the Bank minimises its financing costs, at the same time as the refinancing risk is kept within the Board of Directors specified risk appetite. However, liquidity risk is managed at a consolidated level, at various company levels and down to the individual transaction. Monitoring of frameworks and stress tests are carried out by the Risk Management function, and in monthly and quarterly reporting to the management s and the Board of Directors. The Bank measures liquidity risk over the short and long term. Short-term risk measures include the liquidity coverage ratio (LCR), and internal stress tests. The main long-term measure is the net stable funding ratio (NSFR). The LCR and NSFR are measured in accordance with methodology established by the FSA. Stress tests The Bank carries out stress tests for seven different terms (from intraday to up to one year) in connection with ICAAP and ILAAP. In addition, two different scenarios are modelled, mild and hard stress, with three different types of stress: bank-specific stress, market-specific stress and a combination of bank-specific stress and market-specific stress. In each stress scenario, the Bank analyses the consequences for financing requirements of various changes in the Bank s most important assets and liabilities. Financing sources The Bank s financing comprises covered bonds, senior bonds and certificates and deposits, where the Figure 9 Stress tests, market risk Market risk Parameter Scenario Interest rate Parallel shift interest curve 2 percentage points Shares Impairment of shares and funds 45% 1 With the implementation of the IFRS 9 reporting standards, the default definition will change to payment defaults of more than 90 days of a minimum of NOK 800 or other specific matters that affect the customer s ability to service the loan. Currency Exchange rate change 25% 10 11

7 latter is the main source of financing. The Bank has a low tolerance for short-term financing risk and shall be able to manage a serious stress scenario. The Bank prefers relation-based borrowing, but shall also strive to diversify its borrowing sources. Due to its current growth phase, the Bank is increasingly reliant on the financing market. In order to cater for this risk, the Bank shall use different markets to cover its financing requirements. Together, diversification of both financing sources and markets, and staggering of the maturity structure for borrowings reduce the risk associated with a growing dependency on the financing market. Maturity structure The CFO is responsible for ensuring that ongoing forecasts are prepared covering the Bank s financing requirements for at least the next 12 months. The financing plan is reviewed by ALCO at the start of each forecast period, quarterly as a minimum. ALCO advises the CEO on the financing plan, and Treasury s operations are subsequently based on this plan. In addition, the framework for LCR and intraday and overnight financing requirements help to keep short-term financing risk low. The Bank shall endeavour to maintain a balanced maturity profile, and as a main rule shall not have a maturity concentration under which more than 30 per cent of the capital market financing matures the next 12 months. Rating Sbanken ASA has a long-term rating of A3 with a stable outlook from Moody s. Covered bonds issued by Sbanken Boligkreditt AS have a long-term rating of Aaa from Moody s Operational and compliance risk Sbanken s Policy for Operational Risk shall ensure that the Bank runs its business in accordance with statute and the Bank s strategy for risk management. The policy also guides the Bank on how to operate in a secure and profitable manner and ensures that a reasonable risk level is maintained at all times. The Bank s Policy for Operational Risk, including contingency plans, describes preventive and mitigating measures. In addition to policies and instructions, and procedures and job descriptions, Sbanken has a self-evaluation process for risk and internal control. The Board of Directors is responsible for establishing the Bank s operational risk profile and for approving the Bank s operational risk level by establishing frameworks for management. To enable the Board of Directors to exercise its responsibility, the Bank s internal audit function shall carry out control tests, and based on the results of these give the Board of Directors an independent assessment of the Bank s management and control of operational risk. The Risk Management function is responsible for the aggregate framework for contingency and collateral, including a shared routine structure, risk analysis and reporting to management and the Board of Directors. Establishment of specific objectives/frameworks for operational risk is a prerequisite for effective management of operational risk. Sbanken assesses risk by establishing the probability (frequency) and consequence (degree of seriousness) of events and risks, where events are something that has happened, and risk is something that could happen. The product of probability and consequence is defined as risk and is presented using the colour categories red, yellow and green. All risks categorised as yellow shall be presented to the CEO for review. All risks categorised as red shall be presented to the Board of Directors for review. Sbanken continually assesses potential risk scenarios and has a process for identifying, evaluating and controlling operational risk. Using an event database to register and monitor operational risks provides the Bank with ongoing and more objective information about the business operational losses and risks. Data from the event database is aggregated and included in risk reporting to the CEO and the Board of Directors. Data from the event database will also provide input for measures and for evaluating whether routines are functioning as intended, as part of the ongoing assessment of implementation of internal controls (ref. 28 of the CRR/CRD IV Regulation). The Bank s managers continually assess potential risk scenarios, and take appropriate measures for new or changed risks. Each quarter the Bank s key risks are assessed using a structured process for risk assessment, where the probability and consequences are evaluated for each risk/event including associated introduction of risk-reducing measures. In addition, an annual risk assessment is carried out in the Bank, wherein each individually defined functional area is subject to a bottom-up management declaration, while the internal auditor assesses the Bank s internal controls and risk assessment. The Bank s most important operational risks including related proposed measures are included in the Bank s ICAAP, and the annual management declaration. Any material operational risk or defects in internal controls identified in the annual review are reported to the Bank s management and Board of Directors, who have the principal responsibility for ensuring that the Bank carries out internal controls. Compliance risk is managed through regular reviews and controls, which are reported to the Board of Directors and management Strategic and commercial risk By strategic risk, Sbanken refers to the long-term risk that arises as a result of erroneous or incorrect business decisions, the unfortunate or improper implementation of decisions, or lack of responsiveness to changes in society, competition, technology, regulation or the banking and finance sector. Commercial risk is the risk that income will decline, including changes in volume, interest margins and other price changes connected to borrowing and lending, weakened net commission and income being insufficient to cover costs. The risk may arise as a result of cyclical change, competitive conditions and changes in customer behaviour, among other factors. When measuring commercial risk, changes that are due to credit losses and other risks such as market risk, liquidity risk and operational risk are all taken into account. The extent of the commercial risk is affected primarily by fluctuations in interest rates and net commissions. Certain cost elements are a result of changes in income based on volume and transactions; other costs can be considered as variable without being volume or transaction-based, while others still are considered fixed. The distribution between variable and fixed costs determines the Bank s ability to influence potential loss of income in the short-term. Commercial risk is managed through diversification of income, stability in income generation and control of costs. 4. REMUNERATION The Bank s remuneration policy should ensure that the Bank can attract, retain and motivate its employees. The remuneration policy is based on the Bank s business concept and objectives, the market and competitive situation, and the Bank s economic circumstances. The level of salaries should reflect that the Bank aims to be both cost efficient and competitive. The remuneration scheme should comply with the Bank s overall objectives, risk tolerance and long-term interests. The remuneration policy for employees is designed to support Sbanken in achieving its objectives, and to contribute to effective governance and prevent excessive or inappropriate risk taking. The guidelines of the policy apply to all remuneration for all employees of the Bank and Sbanken Boligkreditt AS. Total remuneration comprises an agreed fixed salary, variable salary, pension contributions, payments in kind and employee benefits (insurance schemes, development and career programmes). The remuneration scheme is designed to ensure that the Bank complies with applicable regulations and guidelines for remuneration by financial institutions. The company has a joint performance-related pay scheme for all permanent employees employed on a FTE (full time equivalent) basis of 40 per cent or more. This scheme ensures that the company achieves its overall objectives and strategies, while also ensuring good interaction across the company s divisions. The performance-related scheme is connected to Sbanken s results and other factors that the individual has the opportunity to influence. The maximum performance-related pay available is one and a half month s salary. The performance-related pay scheme is determined by the Board of Directors. The scheme is general and payments do not represent more than one and a half month s salary per annum, and is part of a general non-discretionary assessment policy encompassing the entire institution. This means that the scheme is exempted from the Remuneration Regulations, cf. the FSA s Circular 5/ STATUS EXPOSURE 31 DECEMBER 2017 The status of the exposure as of 31 December 2017 is included in a separate Annex. The Bank has elected to structure its Pillar III report based on the Basel Committee s standard for Pillar III reporting. The Annex shows which information is not relevant to the Bank this primarily comprises the form for IRB institutions or areas in which Sbanken has no exposure. The Bank solely engages in banking business (companies in the financial sector) and the Bank s wholly owned subsidiary, Sbanken Boligkreditt AS, is fully consolidated. There is therefore no difference between solvency and accounting consolidation. There are only minor differences between accounting and capital adequacy exposure. These are stated in LI2 in the Annex

8 Sbanken ASA Postboks Bergen sbanken.no 14